diff --git a/test/jdk/ProblemList-FIPS140_3_OpenJcePlus.txt b/test/jdk/ProblemList-FIPS140_3_OpenJcePlus.txt
index fab7277db40..b4d8e577f83 100644
--- a/test/jdk/ProblemList-FIPS140_3_OpenJcePlus.txt
+++ b/test/jdk/ProblemList-FIPS140_3_OpenJcePlus.txt
@@ -17,916 +17,3 @@
# You should have received a copy of the GNU General Public License version
# 2 along with this work; if not, see .
# ===========================================================================
-
-#
-# Exclude tests list from sanity.openjdk
-#
-com/sun/crypto/provider/CICO/CICODESFuncTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/crypto/provider/CICO/CICOSkipTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/crypto/provider/CICO/PBEFunc/CICOPBEFuncTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/crypto/provider/Cipher/AEAD/Encrypt.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/crypto/provider/Cipher/AEAD/GCMLargeDataKAT.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/crypto/provider/Cipher/AEAD/GCMParameterSpecTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/crypto/provider/Cipher/AEAD/KeyWrapper.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/crypto/provider/Cipher/AEAD/ReadWriteSkip.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/crypto/provider/Cipher/AEAD/SameBuffer.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/crypto/provider/Cipher/AEAD/SealedObjectTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/crypto/provider/Cipher/AEAD/WrongAAD.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/crypto/provider/Cipher/AES/CICO.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/crypto/provider/Cipher/AES/CTR.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/crypto/provider/Cipher/AES/Padding.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/crypto/provider/Cipher/AES/Test4511676.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/crypto/provider/Cipher/AES/Test4512524.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/crypto/provider/Cipher/AES/Test4512704.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/crypto/provider/Cipher/AES/Test4513830.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/crypto/provider/Cipher/AES/Test4517355.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/crypto/provider/Cipher/AES/Test4626070.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/crypto/provider/Cipher/AES/TestAESCipher.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/crypto/provider/Cipher/AES/TestAESCiphers/TestAESWithDefaultProvider.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/crypto/provider/Cipher/AES/TestAESCiphers/TestAESWithProviderChange.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/crypto/provider/Cipher/AES/TestAESCiphers/TestAESWithRemoveAddProvider.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/crypto/provider/Cipher/AES/TestCICOWithGCM.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/crypto/provider/Cipher/AES/TestCICOWithGCMAndAAD.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/crypto/provider/Cipher/AES/TestCopySafe.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/crypto/provider/Cipher/AES/TestGCMKeyAndIvCheck.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/crypto/provider/Cipher/AES/TestISO10126Padding.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/crypto/provider/Cipher/AES/TestKATForECB_IV.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/crypto/provider/Cipher/AES/TestKATForECB_VK.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/crypto/provider/Cipher/AES/TestKATForECB_VT.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/crypto/provider/Cipher/AES/TestKATForGCM.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/crypto/provider/Cipher/AES/TestNoPaddingModes.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/crypto/provider/Cipher/AES/TestNonexpanding.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/crypto/provider/Cipher/AES/TestSameBuffer.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/crypto/provider/Cipher/AES/TestShortBuffer.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/crypto/provider/Cipher/Blowfish/BlowfishTestVector.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/crypto/provider/Cipher/Blowfish/TestCipherBlowfish.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/crypto/provider/Cipher/CTR/CounterMode.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/crypto/provider/Cipher/CTS/CTSMode.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/crypto/provider/Cipher/ChaCha20/ChaCha20KAT.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/crypto/provider/Cipher/ChaCha20/ChaCha20KeyGeneratorTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/crypto/provider/Cipher/ChaCha20/ChaCha20NoReuse.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/crypto/provider/Cipher/ChaCha20/ChaCha20Poly1305ParamTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/crypto/provider/Cipher/ChaCha20/OutputSizeTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/crypto/provider/Cipher/ChaCha20/unittest/ChaCha20CipherUnitTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/crypto/provider/Cipher/ChaCha20/unittest/ChaCha20Poly1305ParametersUnitTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/crypto/provider/Cipher/DES/DESKeyCleanupTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/crypto/provider/Cipher/DES/DESSecretKeySpec.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/crypto/provider/Cipher/DES/DesAPITest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/crypto/provider/Cipher/DES/DoFinalReturnLen.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/crypto/provider/Cipher/DES/FlushBug.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/crypto/provider/Cipher/DES/KeyWrapping.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/crypto/provider/Cipher/DES/PaddingTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/crypto/provider/Cipher/DES/Sealtest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/crypto/provider/Cipher/DES/TestCipherDES.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/crypto/provider/Cipher/DES/TestCipherDESede.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/crypto/provider/Cipher/DES/TextPKCS5PaddingTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/crypto/provider/Cipher/JCE/Bugs/4686632/Empty.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/crypto/provider/Cipher/KeyWrap/NISTWrapKAT.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/crypto/provider/Cipher/KeyWrap/TestCipherKeyWrapperTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/crypto/provider/Cipher/KeyWrap/TestGeneral.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/crypto/provider/Cipher/KeyWrap/TestKeySizeCheck.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/crypto/provider/Cipher/KeyWrap/XMLEncKAT.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/crypto/provider/Cipher/PBE/CheckPBEKeySize.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/crypto/provider/Cipher/PBE/DecryptWithoutParameters.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/crypto/provider/Cipher/PBE/NegativeLength.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/crypto/provider/Cipher/PBE/PBEInvalidParamsTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/crypto/provider/Cipher/PBE/PBEKeyCleanupTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/crypto/provider/Cipher/PBE/PBEKeyTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/crypto/provider/Cipher/PBE/PBEKeysAlgorithmNames.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/crypto/provider/Cipher/PBE/PBEParametersTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/crypto/provider/Cipher/PBE/PBES2Test.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/crypto/provider/Cipher/PBE/PBESameBuffer/PBESameBuffer.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/crypto/provider/Cipher/PBE/PBESealedObject.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/crypto/provider/Cipher/PBE/PBKDF2Translate.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/crypto/provider/Cipher/PBE/PBMacBuffer.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/crypto/provider/Cipher/PBE/PBMacDoFinalVsUpdate.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/crypto/provider/Cipher/PBE/PKCS12Cipher.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/crypto/provider/Cipher/PBE/PKCS12CipherKAT.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/crypto/provider/Cipher/PBE/PKCS12Oid.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/crypto/provider/Cipher/PBE/TestCipherKeyWrapperPBEKey.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/crypto/provider/Cipher/PBE/TestCipherPBE.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/crypto/provider/Cipher/PBE/TestCipherPBECons.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/crypto/provider/Cipher/RC2ArcFour/CipherKAT.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/crypto/provider/Cipher/RSA/TestOAEP.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/crypto/provider/Cipher/RSA/TestOAEPPadding.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/crypto/provider/Cipher/RSA/TestOAEPParameterSpec.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/crypto/provider/Cipher/RSA/TestOAEPWithParams.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/crypto/provider/Cipher/RSA/TestOAEP_KAT.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/crypto/provider/Cipher/RSA/TestRSA.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/crypto/provider/Cipher/TextLength/SameBufferOverwrite.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/crypto/provider/Cipher/TextLength/TestCipherTextLength.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/crypto/provider/Cipher/UTIL/StrongOrUnlimited.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/crypto/provider/Cipher/UTIL/SunJCEGetInstance.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/crypto/provider/KeyAgreement/DHGenSharedSecret.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/crypto/provider/KeyAgreement/DHKeyAgreement2.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/crypto/provider/KeyAgreement/DHKeyAgreement3.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/crypto/provider/KeyAgreement/DHKeyAgreementPadding.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/crypto/provider/KeyAgreement/DHKeyFactory.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/crypto/provider/KeyAgreement/DHKeyGenSpeed.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/crypto/provider/KeyAgreement/SameDHKeyStressTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/crypto/provider/KeyAgreement/SupportedDHKeys.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/crypto/provider/KeyAgreement/SupportedDHParamGens.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/crypto/provider/KeyAgreement/SupportedDHParamGensLongKey.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/crypto/provider/KeyAgreement/TestExponentSize.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/crypto/provider/KeyAgreement/UnsupportedDHKeys.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/crypto/provider/KeyFactory/PBKDF2HmacSHA1FactoryTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/crypto/provider/KeyFactory/TestProviderLeak.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/crypto/provider/KeyGenerator/Test4628062.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/crypto/provider/KeyGenerator/TestExplicitKeyLength.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/crypto/provider/Mac/DigestCloneabilityTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/crypto/provider/Mac/EmptyByteBufferTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/crypto/provider/Mac/HmacMD5.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/crypto/provider/Mac/HmacPBESHA1.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/crypto/provider/Mac/HmacSHA512.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/crypto/provider/Mac/HmacSaltLengths.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/crypto/provider/Mac/LargeByteBufferTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/crypto/provider/Mac/MacClone.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/crypto/provider/Mac/MacKAT.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/crypto/provider/Mac/MacSameTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/crypto/provider/Mac/NullByteBufferTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/crypto/provider/NSASuiteB/TestAESOids.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/crypto/provider/NSASuiteB/TestAESWrapOids.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/crypto/provider/NSASuiteB/TestHmacSHAOids.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/crypto/provider/TLS/TestKeyMaterial.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/crypto/provider/TLS/TestLeadingZeroes.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/crypto/provider/TLS/TestMasterSecret.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/crypto/provider/TLS/TestPRF.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/crypto/provider/TLS/TestPRF12.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/crypto/provider/TLS/TestPremaster.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/org/apache/xml/internal/security/ShortECDSA.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/org/apache/xml/internal/security/SignatureKeyInfo.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/org/apache/xml/internal/security/TruncateHMAC.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/lang/Class/GetPackageBootLoaderChildLayer.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/lang/ClassLoader/forNameLeak/ClassForNameLeak.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/lang/SecurityManager/CheckSecurityProvider.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/lang/reflect/records/IsRecordTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/lang/reflect/records/RecordPermissionsTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/lang/reflect/records/RecordReflectionTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/lang/runtime/ObjectMethodsTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/math/BigInteger/ModPow65537.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/security/KeyAgreement/KeyAgreementTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/security/KeyAgreement/KeySizeTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/security/KeyAgreement/KeySpecTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/security/KeyAgreement/MultiThreadTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/security/KeyAgreement/NegativeTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/security/KeyFactory/Failover.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/security/KeyFactory/GenerateRSAPrivateCrtKey.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/security/KeyFactory/KeyFactoryGetKeySpecForInvalidSpec.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/security/KeyPairGenerator/Failover.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/security/KeyPairGenerator/GenerateKeypair.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/security/KeyPairGenerator/GenerateRSAKeyPair.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/security/KeyRep/Serial.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/security/KeyRep/SerialDSAPubKey.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/security/KeyRep/SerialOld.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/security/KeyStore/CheckInputStream.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/security/KeyStore/EntryMethods.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/security/KeyStore/KeyStoreBuilder.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/security/KeyStore/OneProbeOneNot.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/security/KeyStore/PBETest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/security/KeyStore/PKCS12/ConvertP12Test.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/security/KeyStore/PKCS12/EntryProtectionTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/security/KeyStore/PKCS12/MetadataEmptyTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/security/KeyStore/PKCS12/MetadataStoreLoadTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/security/KeyStore/PKCS12/ReadP12Test.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/security/KeyStore/PKCS12/StoreTrustedCertAPITest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/security/KeyStore/PKCS12/StoreTrustedCertKeytool.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/security/KeyStore/PKCS12/WriteP12Test.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/security/KeyStore/ProbeKeystores.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/security/KeyStore/TestKeyStoreBasic.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/security/KeyStore/TestKeyStoreEntry.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/security/MessageDigest/ByteBuffers.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/security/MessageDigest/TestCloneable.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/security/MessageDigest/TestDigestIOStream.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/security/Policy/GetInstance/GetInstance.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/security/Policy/SignedJar/SignedJarTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/security/Provider/ChangeProviders.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/security/Provider/DefaultProviderList.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/security/Provider/GetInstance.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/security/Provider/NewInstance.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/security/Provider/SecurityProviderModularTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/security/Provider/SupportsParameter.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/security/Provider/Turkish.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/security/SecureClassLoader/DefineClass.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/security/SecureRandom/ApiTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/security/SecureRandom/DefaultAlgo.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/security/SecureRandom/DefaultProvider.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/security/SecureRandom/EnoughSeedTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/security/SecureRandom/GetAlgorithm.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/security/SecureRandom/GetInstanceTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/security/SecureRandom/MultiThreadTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/security/SecureRandom/NoSync.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/security/SecureRandom/Serialize.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/security/SecureRandom/SerializedSeedTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/security/SecureRandom/ThreadSafe.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/security/Security/CaseInsensitiveAlgNames.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/security/Security/ClassLoaderDeadlock/Deadlock.sh https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/security/Security/removing/RemoveProviderByIdentity.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/security/Security/signedfirst/DynStatic.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/security/Signature/ByteBuffers.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/security/Signature/NONEwithRSA.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/security/Signature/Offsets.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/security/Signature/ResetAfterException.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/security/Signature/SignWithOutputBuffer.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/security/Signature/SignatureGetAlgorithm.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/security/Signature/SignatureGetInstance.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/security/Signature/SignatureLength.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/security/Signature/TestCloneable.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/security/Signature/TestInitSignWithMyOwnRandom.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/security/Signature/VerifyRangeCheckOverflow.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/security/SignedObject/Chain.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/security/SignedObject/Copy.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/security/SignedObject/Correctness.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/security/cert/CertPathBuilder/selfIssued/DisableRevocation.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/security/cert/CertPathBuilder/selfIssued/KeyUsageMatters.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/security/cert/CertPathBuilder/selfIssued/StatusLoopDependency.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/security/cert/CertPathBuilder/targetConstraints/BuildEEBasicConstraints.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/security/cert/CertPathBuilder/zeroLengthPath/ZeroLengthPath.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/security/cert/CertPathValidator/OCSP/AIACheck.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/security/cert/CertPathValidator/OCSP/FailoverToCRL.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/security/cert/CertPathValidator/OCSP/GetAndPostTests.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/security/cert/CertPathValidator/indirectCRL/CircularCRLOneLevel.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/security/cert/CertPathValidator/indirectCRL/CircularCRLOneLevelRevoked.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/security/cert/CertPathValidator/indirectCRL/CircularCRLTwoLevel.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/security/cert/CertPathValidator/indirectCRL/CircularCRLTwoLevelRevoked.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/security/cert/CertPathValidator/nameConstraintsRFC822/ValidateCertPath.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/security/cert/GetInstance.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/security/cert/PKIXRevocationChecker/OcspUnauthorized.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/security/cert/PKIXRevocationChecker/UnitTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/security/cert/PolicyNode/GetPolicyQualifiers.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/security/cert/X509CRL/VerifyDefault.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/security/cert/X509Certificate/GetSigAlgParams.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/security/cert/pkix/policyChanges/TestPolicy.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/security/misc/TestDefaultRandom.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/security/spec/PKCS8EncodedKeySpec/Algorithm.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/util/concurrent/tck/JSR166TestCase.java#others https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/util/jar/JarFile/ScanSignedJar.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/util/jar/JarFile/SignedJarFileGetInputStream.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/util/jar/JarFile/SignedJarPendingBlock.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/util/jar/JarFile/TurkCert.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/util/jar/JarFile/VerifySignedJar.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/util/jar/JarFile/mrjar/MultiReleaseJarAPI.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/util/jar/JarFile/mrjar/MultiReleaseJarSecurity.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/util/jar/JarInputStream/ExtraFileInMetaInf.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/util/jar/JarInputStream/ScanSignedJar.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/util/jar/JarInputStream/TestIndexedJarWithBadSignature.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/crypto/Cipher/ByteBuffers.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/crypto/Cipher/CipherInputStreamExceptions.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/crypto/Cipher/GetMaxAllowed.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/crypto/Cipher/InOutBuffers.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/crypto/Cipher/TestCipherMode.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/crypto/Cipher/TestGetInstance.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/crypto/Cipher/Turkish.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/crypto/CipherSpi/DirectBBRemaining.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/crypto/CryptoPermission/AllPermCheck.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/crypto/CryptoPermission/LowercasePermCheck.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/crypto/CryptoPermission/RC2PermCheck.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/crypto/CryptoPermission/RC4AliasPermCheck.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/crypto/CryptoPermission/RSANoLimit.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/crypto/EncryptedPrivateKeyInfo/GetAlgName.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/crypto/EncryptedPrivateKeyInfo/GetKeySpec.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/crypto/EncryptedPrivateKeyInfo/GetKeySpecException.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/crypto/EncryptedPrivateKeyInfo/GetKeySpecException2.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/crypto/EncryptedPrivateKeyInfo/GetKeySpecInvalidEncoding.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/crypto/JceSecurity/SunJCE_BC_LoadOrdering.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/crypto/JceSecurity/VerificationResults.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/crypto/KeyGenerator/CompareKeys.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/crypto/KeyGenerator/TestGetInstance.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/crypto/Mac/ByteBuffers.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/crypto/Mac/TestGetInstance.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/crypto/SealedObject/NullKeySealedObject.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/crypto/SecretKeyFactory/PBKDF2TranslateTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/crypto/SecretKeyFactory/SecKFTranslateTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/crypto/SecretKeyFactory/SecKeyFacSunJCEPrf.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/crypto/SecretKeyFactory/TestFailOver.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/crypto/spec/DESKeySpec/CheckParity.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/crypto/spec/RC2ParameterSpec/RC2AlgorithmParameters.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/security/auth/kerberos/StandardNames.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/xml/crypto/dsig/BadXPointer.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/xml/crypto/dsig/Basic.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/xml/crypto/dsig/ErrorHandlerPermissions.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/xml/crypto/dsig/FileSocketPermissions.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/xml/crypto/dsig/GenerationTests.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/xml/crypto/dsig/GetInstanceTests.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/xml/crypto/dsig/HereFunction.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/xml/crypto/dsig/PSSSpec.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/xml/crypto/dsig/SecureValidation.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/xml/crypto/dsig/SecurityManager/XMLDSigWithSecMgr.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/xml/crypto/dsig/TransformService/NullParent.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/xml/crypto/dsig/ValidationTests.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/xml/crypto/dsig/keyinfo/KeyInfo/Marshal.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/reflect/ReflectionFactory/ReflectionFactoryTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/jgss/GssMemoryIssues.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/jgss/spnego/MSOID.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/jgss/spnego/NotPreferredMech.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/krb5/KrbCredSubKey.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/krb5/RFC396xTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/krb5/ServiceCredsCombination.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/krb5/auto/AcceptPermissions.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/krb5/auto/AcceptorSubKey.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/krb5/auto/Addresses.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/krb5/auto/AddressesAndNameType.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/krb5/auto/AlwaysEncPaReq.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/krb5/auto/Basic.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/krb5/auto/BasicKrb5Test.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/krb5/auto/BasicProc.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/krb5/auto/BogusKDC.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/krb5/auto/CleanState.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/krb5/auto/CrossRealm.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/krb5/auto/DiffNameSameKey.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/krb5/auto/DiffSaltParams.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/krb5/auto/DupEtypes.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/krb5/auto/DynamicKeytab.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/krb5/auto/EmptyPassword.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/krb5/auto/FileKeyTab.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/krb5/auto/ForwardableCheck.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/krb5/auto/Forwarded.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/krb5/auto/GSS.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/krb5/auto/GSSUnbound.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/krb5/auto/HttpNegotiateServer.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/krb5/auto/HttpsCB.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/krb5/auto/IgnoreChannelBinding.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/krb5/auto/KPEquals.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/krb5/auto/KdcPolicy.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/krb5/auto/KeyPermissions.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/krb5/auto/KeyTabCompat.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/krb5/auto/KrbTicket.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/krb5/auto/KvnoNA.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/krb5/auto/LifeTimeInSeconds.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/krb5/auto/LoginModuleOptions.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/krb5/auto/LoginNoPass.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/krb5/auto/LongLife.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/krb5/auto/MSOID2.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/krb5/auto/ModuleName.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/krb5/auto/MoreKvno.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/krb5/auto/NewInquireTypes.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/krb5/auto/NewSalt.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/krb5/auto/NoAddresses.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/krb5/auto/NoInitNoKeytab.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/krb5/auto/NonAscii.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/krb5/auto/NonMutualSpnego.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/krb5/auto/NoneReplayCacheTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/krb5/auto/NullRenewUntil.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/krb5/auto/OkAsDelegate.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/krb5/auto/OkAsDelegateXRealm.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/krb5/auto/OnlyDesLogin.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/krb5/auto/PrincipalNameEquals.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/krb5/auto/RRC.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/krb5/auto/ReferralsTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/krb5/auto/RefreshKrb5Config.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/krb5/auto/Renew.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/krb5/auto/Renewal.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/krb5/auto/ReplayCacheTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/krb5/auto/ReplayCacheTestProc.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/krb5/auto/ReplayCacheTestProcWithMD5.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/krb5/auto/S4U2proxy.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/krb5/auto/S4U2proxyGSS.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/krb5/auto/S4U2self.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/krb5/auto/S4U2selfAsServer.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/krb5/auto/S4U2selfAsServerGSS.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/krb5/auto/S4U2selfGSS.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/krb5/auto/SPNEGO.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/krb5/auto/SaslBasic.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/krb5/auto/SaslMutual.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/krb5/auto/SaslUnbound.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/krb5/auto/SpnegoLifeTime.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/krb5/auto/SpnegoReqFlags.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/krb5/auto/Test5653.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/krb5/auto/TicketSName.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/krb5/auto/TwoOrThree.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/krb5/auto/TwoPrinces.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/krb5/auto/TwoTab.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/krb5/auto/Unavailable.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/krb5/auto/UnboundService.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/krb5/auto/UseCacheAndStoreKey.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/krb5/auto/W83.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/krb5/auto/principalProperty/PrincipalSystemPropTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/krb5/etype/KerberosAesSha2.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/krb5/etype/WeakCrypto.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/krb5/ktab/BufferBoundary.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/krb5/ktab/FileKeyTab.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/krb5/ktab/KeyTabIndex.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/krb5/runNameEquals.sh https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/crypto/CipherSpi/ResetByteBuffer.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-s390x
-#
-# Extended.openjdk Failures Exclude List for FIPS Testing
-#
-com/sun/jndi/ldap/DeadSSLLdapTimeoutTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/jndi/ldap/LdapCBPropertiesTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/jndi/ldap/LdapSSLHandshakeFailureTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/security/auth/module/KeyStoreLoginModule/OptionTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/security/auth/module/KeyStoreLoginModule/ReadOnly.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/security/sasl/Cram.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/security/sasl/digest/AuthNoUtf8.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/security/sasl/digest/AuthOnly.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/security/sasl/digest/AuthRealmChoices.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/security/sasl/digest/AuthRealms.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/security/sasl/digest/CheckNegotiatedQOPs.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/security/sasl/digest/HasInitialResponse.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/security/sasl/digest/Integrity.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/security/sasl/digest/NoQuoteParams.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/security/sasl/digest/Privacy.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/security/sasl/digest/PrivacyRc4.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/security/sasl/digest/Unbound.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/security/sasl/ntlm/Conformance.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/security/sasl/ntlm/NTLMTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/io/File/createTempFile/SecurityTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/io/Serializable/records/AbsentStreamValuesTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/io/Serializable/records/BasicRecordSer.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/io/Serializable/records/ConstructorAccessTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/io/Serializable/records/ConstructorPermissionTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/io/Serializable/records/CycleTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/io/Serializable/records/DifferentStreamFieldsTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/io/Serializable/records/ReadResolveTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/io/Serializable/records/RecordClassTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/io/Serializable/records/SerialVersionUIDTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/io/Serializable/records/ThrowingConstructorTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/io/Serializable/records/WriteReplaceTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/io/Serializable/serialFilter/FilterWithSecurityManagerTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/io/Serializable/serialFilter/GlobalFilterTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/io/Serializable/serialFilter/SerialFilterFactoryTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/nio/channels/unixdomain/Security.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/nio/file/spi/SetDefaultProvider.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/rmi/dgc/VMID/CheckVMID.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/rmi/dgc/dgcImplInsulation/DGCImplInsulation.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/rmi/registry/altSecurityManager/AltSecurityManager.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/rmi/registry/classPathCodebase/ClassPathCodebase.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/rmi/registry/readTest/CodebaseTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/rmi/server/RMIClassLoader/downloadArrayClass/DownloadArrayClass.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/rmi/server/RMIClassLoader/loadProxyClasses/LoadProxyClasses.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/rmi/server/RMIClassLoader/useCodebaseOnly/UseCodebaseOnly.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/rmi/server/RMISocketFactory/useSocketFactory/registry/UseCustomSocketFactory.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/rmi/server/RMISocketFactory/useSocketFactory/unicast/UseCustomSocketFactory.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/rmi/server/clientStackTrace/ClientStackTrace.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/rmi/server/useCustomRef/UseCustomRef.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-java/rmi/transport/dgcDeadLock/DGCDeadLock.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/imageio/CachePremissionsTest/CachePermissionsTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/ALPN/SSLEngineAlpnTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/ALPN/SSLServerSocketAlpnTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/ALPN/SSLSocketAlpnTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/DTLS/CipherSuite.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/DTLS/ClientAuth.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/DTLS/DTLSBufferOverflowUnderflowTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/DTLS/DTLSDataExchangeTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/DTLS/DTLSEnginesClosureTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/DTLS/DTLSHandshakeTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/DTLS/DTLSHandshakeWithReplicatedPacketsTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/DTLS/DTLSIncorrectAppDataTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/DTLS/DTLSMFLNTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/DTLS/DTLSNotEnabledRC4Test.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/DTLS/DTLSOverDatagram.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/DTLS/DTLSRehandshakeTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/DTLS/DTLSRehandshakeWithCipherChangeTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/DTLS/DTLSRehandshakeWithDataExTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/DTLS/DTLSSequenceNumberTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/DTLS/DTLSUnsupportedCiphersTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/DTLS/DTLSWontNegotiateV10.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/DTLS/InvalidCookie.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/DTLS/InvalidRecords.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/DTLS/NoMacInitialClientHello.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/DTLS/PacketLossRetransmission.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/DTLS/Reordered.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/DTLS/RespondToRetransmit.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/DTLS/Retransmission.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/DTLS/WeakCipherSuite.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/DTLSv10/DTLSv10BufferOverflowUnderflowTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/DTLSv10/DTLSv10DataExchangeTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/DTLSv10/DTLSv10EnginesClosureTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/DTLSv10/DTLSv10HandshakeTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/DTLSv10/DTLSv10HandshakeWithReplicatedPacketsTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/DTLSv10/DTLSv10IncorrectAppDataTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/DTLSv10/DTLSv10MFLNTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/DTLSv10/DTLSv10NotEnabledRC4Test.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/DTLSv10/DTLSv10RehandshakeTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/DTLSv10/DTLSv10RehandshakeWithCipherChangeTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/DTLSv10/DTLSv10RehandshakeWithDataExTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/DTLSv10/DTLSv10SequenceNumberTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/DTLSv10/DTLSv10UnsupportedCiphersTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/FixingJavadocs/ImplicitHandshake.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/FixingJavadocs/KMTMGetNothing.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/FixingJavadocs/SSLSessionNulls.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/FixingJavadocs/SSLSocketInherit.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/HttpsURLConnection/CriticalSubjectAltName.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/HttpsURLConnection/DummyCacheResponse.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/HttpsURLConnection/Equals.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/HttpsURLConnection/GetResponseCode.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/HttpsURLConnection/HttpsSession.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/SSLEngine/AcceptLargeFragments.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/SSLEngine/ArgCheck.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/SSLEngine/Arrays.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/SSLEngine/Basics.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/SSLEngine/CheckTlsEngineResults.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/SSLEngine/ConnectionTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/SSLEngine/EngineCloseOnAlert.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/SSLEngine/ExtendedKeyEngine.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/SSLEngine/ExtendedKeySocket.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/SSLEngine/FinishedPresent.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/SSLEngine/HandshakeWithInvalidRecordVersion.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/SSLEngine/IllegalHandshakeMessage.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/SSLEngine/LargeBufs.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/SSLEngine/NoAuthClientAuth.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/SSLEngine/TestAllSuites.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/SSLParameters/UseCipherSuitesOrder.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/SSLSession/CheckSessionContext.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/SSLSession/HttpsURLConnectionLocalCertificateChain.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/SSLSession/JSSERenegotiate.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/SSLSession/RenegotiateTLS13.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/SSLSession/ResumeTLS13withSNI.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/SSLSession/SSLCtxAccessToSessCtx.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/SSLSession/SessionCacheSizeTests.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/SSLSession/SessionTimeOutTests.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/SSLSession/TestEnabledProtocols.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/SSLSocket/ClientExcOnAlert.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/SSLSocket/InputStreamClosure.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/SSLSocket/OutputStreamClosure.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/SSLSocket/Tls13PacketSize.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/ServerName/EndingDotHostname.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/ServerName/SSLEngineExplorer.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/ServerName/SSLEngineExplorerMatchedSNI.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/ServerName/SSLEngineExplorerUnmatchedSNI.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/ServerName/SSLSocketConsistentSNI.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/ServerName/SSLSocketExplorer.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/ServerName/SSLSocketExplorerFailure.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/ServerName/SSLSocketExplorerMatchedSNI.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/ServerName/SSLSocketExplorerUnmatchedSNI.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/ServerName/SSLSocketExplorerWithCliSNI.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/ServerName/SSLSocketExplorerWithSrvSNI.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/ServerName/SSLSocketInconsistentSNI.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/ServerName/SSLSocketSNISensitive.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/Stapling/HttpsUrlConnClient.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/Stapling/SSLEngineWithStapling.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/Stapling/SSLSocketWithStapling.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/Stapling/StapleEnableProps.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/TLS/TLSClientPropertyTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/TLS/TLSDataExchangeTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/TLS/TLSEnginesClosureTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/TLS/TLSHandshakeTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/TLS/TLSMFLNTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/TLS/TLSNotEnabledRC4Test.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/TLS/TLSRehandshakeTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/TLS/TLSRehandshakeWithCipherChangeTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/TLS/TLSRehandshakeWithDataExTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/TLS/TLSUnsupportedCiphersTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/TLS/TestJSSEClientDefaultProtocol.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/TLS/TestJSSEClientProtocol.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/TLS/TestJSSENoCommonProtocols.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/TLS/TestJSSEServerProtocol.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/TLSCommon/ConcurrentClientAccessTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/TLSCommon/TLSTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/TLSCommon/TLSWithEdDSA.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/TLSCommon/TestSessionLocalPrincipal.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/TLSv1/TLSDataExchangeTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/TLSv1/TLSEnginesClosureTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/TLSv1/TLSHandshakeTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/TLSv1/TLSMFLNTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/TLSv1/TLSNotEnabledRC4Test.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/TLSv1/TLSRehandshakeTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/TLSv1/TLSRehandshakeWithCipherChangeTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/TLSv1/TLSRehandshakeWithDataExTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/TLSv1/TLSUnsupportedCiphersTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/TLSv11/EmptyCertificateAuthorities.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/TLSv11/ExportableBlockCipher.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/TLSv11/ExportableStreamCipher.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/TLSv11/GenericBlockCipher.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/TLSv11/GenericStreamCipher.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/TLSv11/TLSDataExchangeTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/TLSv11/TLSEnginesClosureTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x
-javax/net/ssl/TLSv11/TLSHandshakeTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/TLSv11/TLSMFLNTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/TLSv11/TLSNotEnabledRC4Test.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/TLSv11/TLSRehandshakeTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/TLSv11/TLSRehandshakeWithCipherChangeTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/TLSv11/TLSRehandshakeWithDataExTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/TLSv11/TLSUnsupportedCiphersTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/TLSv12/DisabledShortDSAKeys.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/TLSv12/DisabledShortRSAKeys.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/TLSv12/ProtocolFilter.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/TLSv12/ShortRSAKey512.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/TLSv12/ShortRSAKeyGCM.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/TLSv12/SignatureAlgorithms.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/TLSv12/TLSEnginesClosureTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/TLSv13/ClientHelloKeyShares.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/TLSv13/EngineOutOfSeqCCS.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/TLSv13/HRRKeyShares.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/ciphersuites/DisabledAlgorithms.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/ciphersuites/ECCurvesconstraints.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/compatibility/ClientHelloProcessing.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/finalize/SSLSessionFinalizeTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/interop/ClientHelloBufferUnderflowException.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/interop/ClientHelloChromeInterOp.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/sanity/CacertsExplorer.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/sanity/ciphersuites/CheckCipherSuites.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/sanity/ciphersuites/CipherSuitesInOrder.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/sanity/ciphersuites/SystemPropCipherSuitesOrder.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/sanity/ciphersuites/TLSCipherSuitesOrder.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/sanity/interop/ClientJSSEServerJSSE.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/sanity/pluggability/CheckSSLContextExport.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/templates/SSLEngineTemplate.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/templates/SSLSocketTemplate.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/rmi/ssl/SSLSocketParametersTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/rmi/ssl/SocketFactoryTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/security/auth/Destroyable/KeyDestructionTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/security/auth/PrivateCredentialPermission/MoreThenOnePrincipals.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/security/auth/login/Configuration/GetInstance.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/security/sasl/Sasl/ClientServerTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/security/sasl/Sasl/DisabledMechanisms.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/smartcardio/TerminalFactorySpiTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-jdk/dynalink/BeanLinkerTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-jdk/dynalink/TrustedDynamicLinkerFactoryTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-jdk/dynalink/UntrustedDynamicLinkerFactoryTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-jdk/nio/zipfs/DirectoryStreamTests.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-jdk/nio/zipfs/InvalidZipHeaderTests.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-jdk/nio/zipfs/NewFileSystemTests.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-jdk/nio/zipfs/PropertyPermissionTests.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-jdk/nio/zipfs/TestPosix.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-jdk/nio/zipfs/ZFSTests.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-jdk/nio/zipfs/ZipFSPermissionsTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-jdk/security/jarsigner/Function.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-jdk/security/jarsigner/JarWithOneNonDisabledDigestAlg.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-jdk/security/jarsigner/Properties.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-jdk/security/jarsigner/Spec.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-jdk/security/logging/TestSecurityPropertyModificationLog.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-jdk/security/logging/TestTLSHandshakeLog.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/rmi/server/MarshalOutputStream/marshalForeignStub/MarshalForeignStub.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/rmi/transport/tcp/disableMultiplexing/DisableMultiplexing.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ec/InvalidCurve.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ec/NSASuiteB/TestSHAwithECDSASignatureOids.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ec/SignatureDigestTruncate.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ec/SignatureKAT.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ec/SignedObjectChain.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ec/TestEC.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x
-sun/security/ec/ed/EdCRLSign.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ec/ed/EdDSAKeyCompatibility.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ec/ed/EdDSAKeySize.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ec/ed/EdDSANegativeTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ec/ed/EdDSAParamSpec.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ec/ed/EdDSAReuseTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ec/ed/EdDSATest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ec/ed/EdECKeyFormat.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ec/ed/TestEdDSA.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ec/ed/TestEdOps.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ec/xec/TestXDH.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ec/xec/XECKeyFormat.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/jca/PreferredProviderNegativeTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/jca/PreferredProviderTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/lib/CheckBlockedCerts.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/pkcs/pkcs10/PKCS10AttrEncoding.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/pkcs/pkcs7/PKCS7VerifyTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/pkcs/pkcs7/SignerOrder.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/pkcs/pkcs8/PKCS8Test.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/pkcs/pkcs8/TestLeadingZeros.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/pkcs11/KeyStore/ClientAuth.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/pkcs11/Provider/Absolute.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/pkcs12/Bug6415637.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/pkcs12/EmptyPassword.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/pkcs12/KeytoolOpensslInteropTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/pkcs12/P12SecretKey.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/pkcs12/PBES2Encoding.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/pkcs12/PKCS12SameKeyId.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/pkcs12/ProbeBER.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/pkcs12/ProbeLargeKeystore.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/pkcs12/SameDN.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/pkcs12/StorePasswordTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/pkcs12/StoreSecretKeyTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/pkcs12/StoreTrustedCertTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/pkcs12/WrongPBES2.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/provider/DSA/SupportedDSAParamGen.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/provider/DSA/SupportedDSAParamGenLongKey.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/provider/DSA/TestAlgParameterGenerator.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/provider/DSA/TestDSA.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/provider/DSA/TestDSA2.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/provider/DSA/TestKeyPairGenerator.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/provider/DSA/TestLegacyDSAKeyPairGenerator.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/provider/DSA/TestMaxLengthDER.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/provider/KeyStore/CaseSensitiveAliases.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/provider/KeyStore/TestJKSWithSecretKey.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/provider/KeyStore/WrongPassword.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/provider/KeyStore/WrongStoreType.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/provider/MessageDigest/DigestKAT.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/provider/MessageDigest/Offsets.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/provider/MessageDigest/TestSHAClone.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/provider/NSASuiteB/TestDSAGenParameterSpec.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/provider/NSASuiteB/TestDSAGenParameterSpecLongKey.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/provider/NSASuiteB/TestSHAOids.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/provider/NSASuiteB/TestSHAwithDSASignatureOids.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/provider/PolicyFile/Alias.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/provider/PolicyFile/AliasExpansion.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/provider/PolicyFile/TokenStore.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/provider/PolicyFile/TrustedCert.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/provider/SecureRandom/AbstractDrbg/SpecTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/provider/SecureRandom/AutoReseed.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/provider/SecureRandom/CommonSeeder.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/provider/SecureRandom/DRBGAlg.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/provider/SecureRandom/SHA1PRNGReseed.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/provider/SecureRandom/StrongSecureRandom.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/provider/SecureRandom/StrongSeedReader.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/provider/SeedGenerator/SeedGeneratorChoice.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/provider/X509Factory/BadPem.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/provider/X509Factory/BigCRL.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/provider/certpath/DisabledAlgorithms/CPBuilder.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/provider/certpath/DisabledAlgorithms/CPBuilderWithMD5.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/provider/certpath/DisabledAlgorithms/CPValidatorEndEntity.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/provider/certpath/DisabledAlgorithms/CPValidatorIntermediate.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/provider/certpath/DisabledAlgorithms/CPValidatorTrustAnchor.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/provider/certpath/OCSP/OCSPNoContentLength.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/rsa/BrokenRSAPrivateCrtKey.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/rsa/KeySizeTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/rsa/PrivateKeyEqualityTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/rsa/SignatureTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/rsa/SignedObjectChain.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/rsa/SpecTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/rsa/TestCACerts.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/rsa/TestKeyFactory.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/rsa/TestKeyPairGenerator.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/rsa/TestKeyPairGeneratorExponent.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/rsa/TestKeyPairGeneratorInit.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/rsa/TestKeyPairGeneratorLength.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/rsa/TestRSAOidSupport.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/rsa/TestSigGen15.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/rsa/TestSignatures.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/rsa/WithoutNULL.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/rsa/pss/InitAgain.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/rsa/pss/PSSKeyCompatibility.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/rsa/pss/PSSParametersTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/rsa/pss/SerializedPSSKey.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/rsa/pss/SignatureTest2.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/rsa/pss/SignatureTestPSS.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/rsa/pss/TestPSSKeySupport.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/rsa/pss/TestSigGenPSS.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ssl/ALPN/AlpnGreaseTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ssl/AppInputStream/ReadBlocksClose.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ssl/AppInputStream/ReadHandshake.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ssl/AppInputStream/ReadZeroBytes.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ssl/AppInputStream/RemoveMarkReset.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ssl/AppOutputStream/NoExceptionOnClose.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ssl/CertPathRestrictions/TLSRestrictions.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ssl/CipherSuite/DisabledCurve.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x
-sun/security/ssl/CipherSuite/LegacyConstraints.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ssl/CipherSuite/NamedGroupsWithCipherSuite.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x
-sun/security/ssl/CipherSuite/RestrictNamedGroup.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ssl/CipherSuite/RestrictSignatureScheme.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ssl/CipherSuite/SSL_NULL.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ssl/CipherSuite/SupportedGroups.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x
-sun/security/ssl/ClientHandshaker/CipherSuiteOrder.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ssl/ClientHandshaker/LengthCheckTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ssl/ClientHandshaker/RSAExport.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ssl/DHKeyExchange/DHEKeySizing.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ssl/DHKeyExchange/LegacyDHEKeyExchange.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ssl/DHKeyExchange/UseStrongDHSizes.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ssl/EngineArgs/DebugReportsOneExtraByte.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ssl/GenSSLConfigs/main.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ssl/HandshakeHash/HandshakeHashCloneExhaustion.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ssl/HandshakeOutStream/NullCerts.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ssl/InputRecord/ClientHelloRead.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ssl/InputRecord/SSLSocketTimeoutNulls.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ssl/ProtocolVersion/HttpsProtocols.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ssl/SSLContextImpl/CustomizedCipherSuites.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ssl/SSLContextImpl/CustomizedDTLSDefaultProtocols.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ssl/SSLContextImpl/CustomizedDTLSServerDefaultProtocols.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ssl/SSLContextImpl/CustomizedDefaultProtocols.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ssl/SSLContextImpl/CustomizedServerDefaultProtocols.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ssl/SSLContextImpl/DefaultCipherSuitePreference.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ssl/SSLContextImpl/DefaultDTLSEnabledProtocols.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ssl/SSLContextImpl/DefaultEnabledProtocols.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ssl/SSLContextImpl/GoodProvider.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ssl/SSLContextImpl/IllegalProtocolProperty.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ssl/SSLContextImpl/MD2InTrustAnchor.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ssl/SSLContextImpl/MultipleChooseAlias.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ssl/SSLContextImpl/NoOldVersionContext.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ssl/SSLContextImpl/SSLContextDefault.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ssl/SSLContextImpl/SSLContextVersion.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ssl/SSLContextImpl/TrustTrustedCert.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ssl/SSLEngineImpl/CloseEngineException.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ssl/SSLEngineImpl/CloseStart.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ssl/SSLEngineImpl/DelegatedTaskWrongException.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ssl/SSLEngineImpl/EmptyExtensionData.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ssl/SSLEngineImpl/EngineEnforceUseClientMode.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ssl/SSLEngineImpl/RehandshakeFinished.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ssl/SSLEngineImpl/SSLEngineBadBufferArrayAccess.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ssl/SSLEngineImpl/SSLEngineDeadlock.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ssl/SSLEngineImpl/SSLEngineFailedALPN.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ssl/SSLEngineImpl/SSLEngineKeyLimit.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ssl/SSLEngineImpl/TLS13BeginHandshake.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ssl/SSLLogger/LoggingFormatConsistency.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ssl/SSLSessionContextImpl/DefautlCacheSize.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ssl/SSLSessionContextImpl/Timeout.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ssl/SSLSessionImpl/HashCodeMissing.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ssl/SSLSessionImpl/InvalidateSession.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ssl/SSLSessionImpl/NoInvalidateSocketException.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ssl/SSLSessionImpl/ResumeChecksClient.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ssl/SSLSessionImpl/ResumeChecksClientStateless.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ssl/SSLSessionImpl/ResumeChecksServer.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ssl/SSLSessionImpl/ResumeChecksServerStateless.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ssl/SSLSessionImpl/ResumptionUpdateBoundValues.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ssl/SSLSocketImpl/AsyncSSLSocketClose.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ssl/SSLSocketImpl/BlockedAsyncClose.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ssl/SSLSocketImpl/ClientModeClientAuth.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ssl/SSLSocketImpl/ClientSocketCloseHang.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ssl/SSLSocketImpl/ClientTimeout.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ssl/SSLSocketImpl/CloseSocket.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ssl/SSLSocketImpl/CloseSocketException.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ssl/SSLSocketImpl/DisableExtensions.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ssl/SSLSocketImpl/IgnorableExceptionMessages.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ssl/SSLSocketImpl/InvalidateServerSessionRenegotiate.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ssl/SSLSocketImpl/LargePacketAfterHandshakeTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ssl/SSLSocketImpl/NewSocketMethods.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ssl/SSLSocketImpl/NoImpactServerRenego.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ssl/SSLSocketImpl/NotifyHandshakeTest.sh https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ssl/SSLSocketImpl/RejectClientRenego.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ssl/SSLSocketImpl/ReuseAddr.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ssl/SSLSocketImpl/ReverseNameLookup.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ssl/SSLSocketImpl/SSLSocketBruceForceClose.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ssl/SSLSocketImpl/SSLSocketBruteForceClose.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ssl/SSLSocketImpl/SSLSocketClose.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ssl/SSLSocketImpl/SSLSocketCloseHang.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ssl/SSLSocketImpl/SSLSocketImplThrowsWrongExceptions.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ssl/SSLSocketImpl/SSLSocketKeyLimit.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ssl/SSLSocketImpl/SSLSocketLeak.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ssl/SSLSocketImpl/SSLSocketReset.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ssl/SSLSocketImpl/SSLSocketSSLEngineCloseInbound.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ssl/SSLSocketImpl/SSLSocketShouldThrowSocketException.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ssl/SSLSocketImpl/ServerRenegoWithTwoVersions.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ssl/SSLSocketImpl/ServerTimeout.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ssl/SSLSocketImpl/SetSoTimeout.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ssl/SSLSocketImpl/SocketExceptionForSocketIssues.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ssl/SSLSocketImpl/UnconnectedSocketWrongExceptions.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ssl/ServerHandshaker/AnonCipherWithWantClientAuth.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ssl/ServerHandshaker/GetPeerHost.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ssl/ServerHandshaker/HelloExtensionsTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ssl/SignatureScheme/CustomizedClientSchemes.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ssl/SignatureScheme/CustomizedServerSchemes.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ssl/SignatureScheme/SigAlgosExtTestWithTLS12.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ssl/SignatureScheme/SigAlgosExtTestWithTLS13.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ssl/SignatureScheme/SigSchemePropOrdering.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ssl/SignatureScheme/Tls13NamedGroups.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ssl/SocketCreation/SocketCreation.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ssl/Stapling/StatusResponseManager.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ssl/X509KeyManager/CertificateAuthorities.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ssl/X509KeyManager/PreferredKey.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ssl/X509KeyManager/SelectOneKeyOutOfMany.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ssl/X509TrustManagerImpl/BasicConstraints.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ssl/X509TrustManagerImpl/BasicConstraints12.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ssl/X509TrustManagerImpl/CacertsLimit.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ssl/X509TrustManagerImpl/CertRequestOverflow.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ssl/X509TrustManagerImpl/CheckNullEntity.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ssl/X509TrustManagerImpl/ComodoHacker.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ssl/X509TrustManagerImpl/PKIXExtendedTM.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ssl/X509TrustManagerImpl/SelfIssuedCert.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ssl/X509TrustManagerImpl/SunX509ExtendedTM.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ssl/X509TrustManagerImpl/TooManyCAs.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ssl/X509TrustManagerImpl/X509ExtendedTMEnabled.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ssl/internal/TestRun.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/ssl/spi/ProviderInit.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/tools/jarsigner/DefaultSigalg.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/tools/jarsigner/EntriesOrder.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/tools/jarsigner/JarSigningNonAscii.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/tools/jarsigner/LargeJarEntry.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/tools/jarsigner/LineBrokenMultiByteCharacter.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/tools/jarsigner/PreserveRawManifestEntryAndDigest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x
-sun/security/tools/jarsigner/Test4431684.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/tools/jarsigner/TimestampCheck.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/tools/jarsigner/TsacertOptionTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/tools/jarsigner/multiRelease/MVJarSigningTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/tools/jarsigner/warnings/NoTimestampTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/tools/keytool/CacertsOption.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/tools/keytool/CheckCertAKID.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/tools/keytool/CloneKeyAskPassword.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/tools/keytool/CloseFile.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/tools/keytool/DupImport.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/tools/keytool/GenKeyPairSigner.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/tools/keytool/GenerateAll.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/tools/keytool/GroupName.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/tools/keytool/HasSrcStoretypeOption.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/tools/keytool/ImportPrompt.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/tools/keytool/JKStoPKCS12.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/tools/keytool/KeyToolTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/tools/keytool/NewSize7.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/tools/keytool/PKCS12Passwd.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/tools/keytool/PrintSSL.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/tools/keytool/Serial64.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/tools/keytool/StartDateTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/tools/keytool/StorePasswords.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/tools/keytool/UnknownAndUnparseable.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/tools/keytool/WeakAlg.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/tools/keytool/fakecacerts/TrustedCRL.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/tools/keytool/fakecacerts/TrustedCert.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/tools/keytool/fakegen/DefaultSignatureAlgorithm.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/tools/keytool/fakegen/PSS.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/util/HostnameMatcher/NullHostnameCheck.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/validator/EndEntityExtensionCheck.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/validator/certreplace.sh https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/validator/samedn.sh https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/x509/AlgorithmId/ExtensibleAlgorithmId.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/x509/AlgorithmId/NonStandardNames.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/x509/AlgorithmId/OmitAlgIdParam.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/x509/URICertStore/CRLReadTimeout.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/x509/URICertStore/ExtensionsWithLDAP.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/x509/X509CRLImpl/OrderAndDup.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/x509/X509CRLImpl/Verify.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/x509/X509CertImpl/ECSigParamsVerifyWithCert.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/x509/X509CertImpl/V3Certificate.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/x509/X509CertImpl/Verify.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-javax/net/ssl/ServerName/BestEffortOnLazyConnected.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-com/sun/jdi/JdwpAttachTest.java.JdwpAttachTest https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all
-sun/security/pkcs11/sslecc/ClientJSSEServerJSSE.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-s390x,aix-all
-javax/net/ssl/SSLEngine/LargePacket.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le
-jdk/nio/zipfs/ZipFSTester.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-ppc64le,linux-s390x,aix-all
diff --git a/test/jdk/javax/net/ssl/DTLS/CipherSuite.java b/test/jdk/javax/net/ssl/DTLS/CipherSuite.java
index 0b277792766..16871773640 100644
--- a/test/jdk/javax/net/ssl/DTLS/CipherSuite.java
+++ b/test/jdk/javax/net/ssl/DTLS/CipherSuite.java
@@ -52,6 +52,9 @@
import javax.net.ssl.SSLEngine;
import java.security.Security;
+import jdk.test.lib.Utils;
+import jdk.test.lib.security.SecurityUtils;
+
/**
* Test common DTLS cipher suites.
*/
@@ -61,14 +64,40 @@ public class CipherSuite extends DTLSOverDatagram {
volatile static String cipherSuite;
public static void main(String[] args) throws Exception {
- if (args.length > 1 && "re-enable".equals(args[1])) {
+ if (args.length > 1 && "re-enable".equals(args[1])
+ && !(Utils.isFIPS())) {
Security.setProperty("jdk.tls.disabledAlgorithms", "");
}
cipherSuite = args[0];
CipherSuite testCase = new CipherSuite();
- testCase.runTest(testCase);
+ try {
+ testCase.runTest(testCase);
+ } catch (javax.net.ssl.SSLHandshakeException sslhe) {
+ if (Utils.isFIPS()) {
+ if(!SecurityUtils.TLS_CIPHERSUITES.containsKey(cipherSuite)) {
+ if ("No appropriate protocol (protocol is disabled or cipher suites are inappropriate)".equals(sslhe.getMessage())) {
+ System.out.println("Expected exception msg: is caught");
+ return;
+ } else {
+ System.out.println("Unexpected exception msg: <" + sslhe.getMessage() + "> is caught");
+ return;
+ }
+ } else {
+ System.out.println("Unexpected exception is caught");
+ sslhe.printStackTrace();
+ return;
+ }
+ } else {
+ System.out.println("Unexpected exception is caught in Non-FIPS mode");
+ sslhe.printStackTrace();
+ return;
+ }
+ } catch (Exception e) {
+ e.printStackTrace();
+ return;
+ }
}
@Override
diff --git a/test/jdk/javax/net/ssl/DTLS/DTLSWontNegotiateV10.java b/test/jdk/javax/net/ssl/DTLS/DTLSWontNegotiateV10.java
index f67a02b3052..fac0d50a7e1 100644
--- a/test/jdk/javax/net/ssl/DTLS/DTLSWontNegotiateV10.java
+++ b/test/jdk/javax/net/ssl/DTLS/DTLSWontNegotiateV10.java
@@ -21,6 +21,7 @@
* questions.
*/
+import jdk.test.lib.Utils;
import jdk.test.lib.security.SecurityUtils;
import javax.net.ssl.*;
@@ -51,7 +52,9 @@ public class DTLSWontNegotiateV10 {
private static final int READ_TIMEOUT_SECS = Integer.getInteger("readtimeout", 30);
public static void main(String[] args) throws Exception {
- if (args[0].equals(DTLSV_1_0)) {
+
+ if (args[0].equals(DTLSV_1_0)
+ && !(Utils.isFIPS())) {
SecurityUtils.removeFromDisabledTlsAlgs(DTLSV_1_0);
}
@@ -74,6 +77,26 @@ public static void main(String[] args) throws Exception {
break;
} catch (SocketTimeoutException exc) {
System.out.println("The server timed-out waiting for packets from the client.");
+ } catch (javax.net.ssl.SSLHandshakeException sslhe) {
+ if (Utils.isFIPS()) {
+ if(!SecurityUtils.TLS_PROTOCOLS.contains(args[0])) {
+ if ("No appropriate protocol (protocol is disabled or cipher suites are inappropriate)".equals(sslhe.getMessage())) {
+ System.out.println("Expected exception msg: is caught");
+ return;
+ } else {
+ System.out.println("Unexpected exception msg: <" + sslhe.getMessage() + "> is caught");
+ return;
+ }
+ } else {
+ System.out.println("Unexpected exception is caught");
+ sslhe.printStackTrace();
+ return;
+ }
+ } else {
+ System.out.println("Unexpected exception is caught in Non-FIPS mode");
+ sslhe.printStackTrace();
+ return;
+ }
}
}
if (tries == totalAttempts) {
diff --git a/test/jdk/javax/net/ssl/DTLS/WeakCipherSuite.java b/test/jdk/javax/net/ssl/DTLS/WeakCipherSuite.java
index d9bb38ec15a..0f9295cb436 100644
--- a/test/jdk/javax/net/ssl/DTLS/WeakCipherSuite.java
+++ b/test/jdk/javax/net/ssl/DTLS/WeakCipherSuite.java
@@ -41,6 +41,9 @@
import javax.net.ssl.SSLEngine;
import java.security.Security;
+import jdk.test.lib.Utils;
+import jdk.test.lib.security.SecurityUtils;
+
/**
* Test common DTLS weak cipher suites.
*/
@@ -52,13 +55,40 @@ public class WeakCipherSuite extends DTLSOverDatagram {
public static void main(String[] args) throws Exception {
// reset security properties to make sure that the algorithms
// and keys used in this test are not disabled.
- Security.setProperty("jdk.tls.disabledAlgorithms", "");
- Security.setProperty("jdk.certpath.disabledAlgorithms", "");
+ if (!(Utils.isFIPS())) {
+ Security.setProperty("jdk.tls.disabledAlgorithms", "");
+ Security.setProperty("jdk.certpath.disabledAlgorithms", "");
+ }
cipherSuite = args[0];
WeakCipherSuite testCase = new WeakCipherSuite();
- testCase.runTest(testCase);
+ try {
+ testCase.runTest(testCase);
+ } catch (javax.net.ssl.SSLHandshakeException sslhe) {
+ if (Utils.isFIPS()) {
+ if(!SecurityUtils.TLS_CIPHERSUITES.containsKey(cipherSuite)) {
+ if ("No appropriate protocol (protocol is disabled or cipher suites are inappropriate)".equals(sslhe.getMessage())) {
+ System.out.println("Expected exception msg: is caught");
+ return;
+ } else {
+ System.out.println("Unexpected exception msg: <" + sslhe.getMessage() + "> is caught");
+ return;
+ }
+ } else {
+ System.out.println("Unexpected exception is caught");
+ sslhe.printStackTrace();
+ return;
+ }
+ } else {
+ System.out.println("Unexpected exception is caught in Non-FIPS mode");
+ sslhe.printStackTrace();
+ return;
+ }
+ } catch (Exception e) {
+ e.printStackTrace();
+ return;
+ }
}
@Override
diff --git a/test/jdk/javax/net/ssl/FIPSFlag/FIPSFlagTests.java b/test/jdk/javax/net/ssl/FIPSFlag/FIPSFlagTests.java
new file mode 100644
index 00000000000..3be3b2b7dba
--- /dev/null
+++ b/test/jdk/javax/net/ssl/FIPSFlag/FIPSFlagTests.java
@@ -0,0 +1,40 @@
+/*
+ * Copyright (c) 2016, 2019, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+ * @test
+ * @summary Test flags used for FIPS 140-2 and FIPS 140-3
+ * @run main/othervm
+ * TestFIPS false
+ * @run main/othervm
+ * -Dsemeru.fips=true
+ * TestFIPS true 140-2
+ * @run main/othervm
+ * -Dsemeru.fips=true
+ * -Dsemeru.customprofile=OpenJCEPlusFIPS.FIPS140-3
+ * TestFIPS true 140-3
+ * @run main/othervm
+ * -Dsemeru.fips=true
+ * -Dsemeru.customprofile=OpenJCEPlusFIPS
+ * TestFIPS true 140-3
+ */
diff --git a/test/jdk/javax/net/ssl/FIPSFlag/TestFIPS.java b/test/jdk/javax/net/ssl/FIPSFlag/TestFIPS.java
new file mode 100644
index 00000000000..abcab6f1cf1
--- /dev/null
+++ b/test/jdk/javax/net/ssl/FIPSFlag/TestFIPS.java
@@ -0,0 +1,87 @@
+/*
+ * Copyright (c) 2010, 2016, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+import java.security.Provider;
+import java.security.Security;
+
+public class TestFIPS {
+
+ private static final String SEMERU_FIPS = System.getProperty("semeru.fips");
+ private static final String PROFILE = System.getProperty("semeru.customprofile");
+
+ public static void main(String[] args) throws Exception {
+
+ for (Provider.Service service : Security.getProvider("SUN").getServices()) {
+ System.out.println("Service: " + service.getType() + " Algorithm: " + service.getAlgorithm() + " Class: " + service.getClassName());
+ }
+
+ if (SEMERU_FIPS == null) {
+ if (args[0].equals("false")) {
+ System.out.println("PASS");
+ } else {
+ throw new FIPSException("FIPS mode should be opened before using.");
+ }
+ return;
+ }
+
+ if (PROFILE == null) {
+ if (SEMERU_FIPS.equals(args[0])) {
+ if (args[0].equals("true")) {
+ if (System.getProperty("com.ibm.fips.mode").equals("140-2") && args[1].equals("140-2")) {
+ System.out.println("PASS");
+ } else {
+ throw new FIPSException("If there is no custom profile specified, the FIPS 140-2 should be used as default.");
+ }
+ } else {
+ throw new FIPSException("FIPS mode is not opened.");
+ }
+ } else {
+ throw new FIPSException("FIPS mode and expected mode do not match.");
+ }
+ return;
+ }
+
+ System.out.println("profile is: " + PROFILE);
+ if (PROFILE.contains("OpenJCEPlusFIPS")) {
+ if (SEMERU_FIPS.equals(args[0])) {
+ if (args[0].equals("true")) {
+ if (System.getProperty("com.ibm.fips.mode").equals("140-3") && args[1].equals("140-3")) {
+ System.out.println("PASS");
+ } else {
+ throw new FIPSException("FIPS profile and fips mode do not match.");
+ }
+ } else {
+ throw new FIPSException("FIPS mode is not opened.");
+ }
+ }
+ } else {
+ throw new FIPSException("FIPS profile is not supported in FIPS 140-3 mode.");
+ }
+ }
+
+ public static class FIPSException extends Exception {
+ public FIPSException(String message) {
+ super(message);
+ }
+ }
+}
diff --git a/test/jdk/javax/net/ssl/FixingJavadocs/ImplicitHandshake.java b/test/jdk/javax/net/ssl/FixingJavadocs/ImplicitHandshake.java
index b1ef64ef88a..09ea450c15d 100644
--- a/test/jdk/javax/net/ssl/FixingJavadocs/ImplicitHandshake.java
+++ b/test/jdk/javax/net/ssl/FixingJavadocs/ImplicitHandshake.java
@@ -26,6 +26,7 @@
* @bug 4387882
* @summary Need to revisit the javadocs for JSSE, especially the
* promoted classes.
+ * @library /test/lib
* @run main/othervm ImplicitHandshake
*
* SunJSSE does not support dynamic system properties, no way to re-use
@@ -37,6 +38,8 @@
import java.net.*;
import javax.net.ssl.*;
+import jdk.test.lib.Utils;
+
public class ImplicitHandshake {
/*
@@ -191,6 +194,10 @@ public static void main(String[] args) throws Exception {
System.getProperty("test.src", "./") + "/" + pathToStores +
"/" + trustStoreFile;
+ if (Utils.isFIPS()) {
+ keyFilename = Utils.revertJKSToPKCS12(keyFilename, passwd);
+ trustFilename = Utils.revertJKSToPKCS12(trustFilename, passwd);
+ }
System.setProperty("javax.net.ssl.keyStore", keyFilename);
System.setProperty("javax.net.ssl.keyStorePassword", passwd);
System.setProperty("javax.net.ssl.trustStore", trustFilename);
diff --git a/test/jdk/javax/net/ssl/HttpsURLConnection/CriticalSubjectAltName.java b/test/jdk/javax/net/ssl/HttpsURLConnection/CriticalSubjectAltName.java
index d4eca8b5776..d502c5319ff 100644
--- a/test/jdk/javax/net/ssl/HttpsURLConnection/CriticalSubjectAltName.java
+++ b/test/jdk/javax/net/ssl/HttpsURLConnection/CriticalSubjectAltName.java
@@ -31,6 +31,7 @@
* @bug 6668231
* @summary Presence of a critical subjectAltName causes JSSE's SunX509 to
* fail trusted checks
+ * @library /test/lib
* @run main/othervm CriticalSubjectAltName
* @author Xuelei Fan
*/
@@ -53,6 +54,8 @@
import java.security.Security;
import java.security.cert.Certificate;
+import jdk.test.lib.Utils;
+
public class CriticalSubjectAltName implements HostnameVerifier {
/*
* =============================================================
@@ -159,10 +162,12 @@ void doClientSide() throws Exception {
public static void main(String[] args) throws Exception {
// MD5 is used in this test case, don't disable MD5 algorithm.
- Security.setProperty("jdk.certpath.disabledAlgorithms",
- "MD2, RSA keySize < 1024");
- Security.setProperty("jdk.tls.disabledAlgorithms",
- "SSLv3, RC4, DH keySize < 768");
+ if (!(Utils.isFIPS())) {
+ Security.setProperty("jdk.certpath.disabledAlgorithms",
+ "MD2, RSA keySize < 1024");
+ Security.setProperty("jdk.tls.disabledAlgorithms",
+ "SSLv3, RC4, DH keySize < 768");
+ }
String keyFilename =
System.getProperty("test.src", "./") + "/" + pathToStores +
@@ -171,6 +176,11 @@ public static void main(String[] args) throws Exception {
System.getProperty("test.src", "./") + "/" + pathToStores +
"/" + trustStoreFile;
+ if (Utils.isFIPS()) {
+ keyFilename = Utils.revertJKSToPKCS12(keyFilename, passwd);
+ trustFilename = Utils.revertJKSToPKCS12(trustFilename, passwd);
+ }
+
System.setProperty("javax.net.ssl.keyStore", keyFilename);
System.setProperty("javax.net.ssl.keyStorePassword", passwd);
System.setProperty("javax.net.ssl.trustStore", trustFilename);
@@ -182,7 +192,29 @@ public static void main(String[] args) throws Exception {
/*
* Start the tests.
*/
- new CriticalSubjectAltName();
+ try {
+ new CriticalSubjectAltName();
+ } catch (Exception e) {
+ if (Utils.isFIPS()) {
+ if (e instanceof java.security.cert.CertPathValidatorException) {
+ if ("Algorithm constraints check failed on signature algorithm: MD5withRSA".equals(e.getMessage())) {
+ System.out.println("MD5withRSA is not a supported signature algorithm.");
+ return;
+ } else {
+ System.out.println("Unexpected exception msg: <" + e.getMessage() + "> is caught");
+ return;
+ }
+ } else {
+ System.out.println("Unexpected exception is caught");
+ e.printStackTrace();
+ return;
+ }
+ } else {
+ System.out.println("Unexpected exception is caught in Non-FIPS mode");
+ e.printStackTrace();
+ return;
+ }
+ }
}
Thread clientThread = null;
diff --git a/test/jdk/javax/net/ssl/HttpsURLConnection/GetResponseCode.java b/test/jdk/javax/net/ssl/HttpsURLConnection/GetResponseCode.java
index 87ffef9c0f8..310cc7303ff 100644
--- a/test/jdk/javax/net/ssl/HttpsURLConnection/GetResponseCode.java
+++ b/test/jdk/javax/net/ssl/HttpsURLConnection/GetResponseCode.java
@@ -25,6 +25,7 @@
* @test
* @bug 4482187
* @summary HttpsClient tests are failing for build 71
+ * @library /test/lib
* @run main/othervm GetResponseCode
*
* SunJSSE does not support dynamic system properties, no way to re-use
@@ -37,6 +38,8 @@
import javax.net.ssl.*;
import java.security.cert.Certificate;
+import jdk.test.lib.Utils;
+
public class GetResponseCode implements HostnameVerifier {
/*
* =============================================================
@@ -149,6 +152,11 @@ public static void main(String[] args) throws Exception {
System.getProperty("test.src", "./") + "/" + pathToStores +
"/" + trustStoreFile;
+ if (Utils.isFIPS()) {
+ keyFilename = Utils.revertJKSToPKCS12(keyFilename, passwd);
+ trustFilename = Utils.revertJKSToPKCS12(trustFilename, passwd);
+ }
+
System.setProperty("javax.net.ssl.keyStore", keyFilename);
System.setProperty("javax.net.ssl.keyStorePassword", passwd);
System.setProperty("javax.net.ssl.trustStore", trustFilename);
diff --git a/test/jdk/javax/net/ssl/SSLEngine/ArgCheck.java b/test/jdk/javax/net/ssl/SSLEngine/ArgCheck.java
index 4781d15972b..b715ce09a5e 100644
--- a/test/jdk/javax/net/ssl/SSLEngine/ArgCheck.java
+++ b/test/jdk/javax/net/ssl/SSLEngine/ArgCheck.java
@@ -27,7 +27,7 @@
* @summary Add scatter/gather APIs for SSLEngine
*
* Check to see if the args are being parsed properly.
- *
+ * @library /test/lib
*/
import javax.net.ssl.*;
diff --git a/test/jdk/javax/net/ssl/SSLEngine/Arrays.java b/test/jdk/javax/net/ssl/SSLEngine/Arrays.java
index 2ba56c85b34..75039b2160f 100644
--- a/test/jdk/javax/net/ssl/SSLEngine/Arrays.java
+++ b/test/jdk/javax/net/ssl/SSLEngine/Arrays.java
@@ -41,7 +41,9 @@
import java.io.*;
import java.security.*;
import java.nio.*;
+import java.util.*;
+import jdk.test.lib.Utils;
import jdk.test.lib.security.SecurityUtils;
public class Arrays {
@@ -187,12 +189,14 @@ public static void main(String args[]) throws Exception {
contextVersion = args[0];
// Re-enable context version if it is disabled.
// If context version is SSLv3, TLSv1 needs to be re-enabled.
- if (contextVersion.equals("SSLv3")) {
- SecurityUtils.removeFromDisabledTlsAlgs("TLSv1");
- } else if (contextVersion.equals("TLSv1") ||
- contextVersion.equals("TLSv1.1")) {
- SecurityUtils.removeFromDisabledTlsAlgs(contextVersion);
- }
+ if (!(Utils.isFIPS())) {
+ if (contextVersion.equals("SSLv3")) {
+ SecurityUtils.removeFromDisabledTlsAlgs("TLSv1");
+ } else if (contextVersion.equals("TLSv1") ||
+ contextVersion.equals("TLSv1.1")) {
+ SecurityUtils.removeFromDisabledTlsAlgs(contextVersion);
+ }
+ }
Arrays test;
@@ -200,7 +204,32 @@ public static void main(String args[]) throws Exception {
test.createSSLEngines();
- test.runTest();
+ try {
+ test.runTest();
+ } catch (javax.net.ssl.SSLHandshakeException sslhe) {
+ if (Utils.isFIPS()) {
+ if(!SecurityUtils.TLS_PROTOCOLS.contains(contextVersion)) {
+ if ("No appropriate protocol (protocol is disabled or cipher suites are inappropriate)".equals(sslhe.getMessage())) {
+ System.out.println("Expected exception msg: is caught");
+ return;
+ } else {
+ System.out.println("Unexpected exception msg: <" + sslhe.getMessage() + "> is caught");
+ return;
+ }
+ } else {
+ System.out.println("Unexpected exception is caught");
+ sslhe.printStackTrace();
+ return;
+ }
+ } else {
+ System.out.println("Unexpected exception is caught in Non-FIPS mode");
+ sslhe.printStackTrace();
+ return;
+ }
+ } catch (Exception e) {
+ e.printStackTrace();
+ return;
+ }
System.err.println("Test Passed.");
}
diff --git a/test/jdk/javax/net/ssl/SSLEngine/Basics.java b/test/jdk/javax/net/ssl/SSLEngine/Basics.java
index 3239bfd4ce9..e5fcf225d55 100644
--- a/test/jdk/javax/net/ssl/SSLEngine/Basics.java
+++ b/test/jdk/javax/net/ssl/SSLEngine/Basics.java
@@ -41,6 +41,7 @@
import javax.net.ssl.*;
import javax.net.ssl.SSLEngineResult.*;
+import jdk.test.lib.Utils;
import jdk.test.lib.security.SecurityUtils;
public class Basics {
@@ -57,11 +58,15 @@ public class Basics {
"/" + TRUSTSTORE_FILE;
public static void main(String[] args) throws Exception {
- SecurityUtils.removeFromDisabledTlsAlgs("TLSv1.1");
+ if (!(Utils.isFIPS())) {
+ SecurityUtils.removeFromDisabledTlsAlgs("TLSv1.1");
+ runTest("TLSv1.1", "TLS_DHE_DSS_WITH_AES_128_CBC_SHA");
+ }
runTest("TLSv1.3", "TLS_AES_256_GCM_SHA384");
- runTest("TLSv1.2", "TLS_RSA_WITH_AES_256_GCM_SHA384");
- runTest("TLSv1.1", "TLS_DHE_DSS_WITH_AES_128_CBC_SHA");
+ if (!(Utils.isFIPS())) {
+ runTest("TLSv1.2", "TLS_RSA_WITH_AES_256_GCM_SHA384");
+ }
}
private static void runTest(String protocol, String cipherSuite) throws Exception {
diff --git a/test/jdk/javax/net/ssl/SSLEngine/CheckTlsEngineResults.java b/test/jdk/javax/net/ssl/SSLEngine/CheckTlsEngineResults.java
index 7a7ecdffa5d..93447ec3b3e 100644
--- a/test/jdk/javax/net/ssl/SSLEngine/CheckTlsEngineResults.java
+++ b/test/jdk/javax/net/ssl/SSLEngine/CheckTlsEngineResults.java
@@ -25,9 +25,8 @@
* @test
* @bug 4948079
* @summary Verify return values from SSLEngine wrap/unwrap (TLSv1.2) operations
- *
+ * @library /test/lib
* @run main CheckTlsEngineResults
- *
* @author Brad Wetmore
*/
@@ -41,6 +40,8 @@
import java.security.*;
import java.nio.*;
+import jdk.test.lib.Utils;
+
public class CheckTlsEngineResults {
private final SSLContext SSL_CONTEXT;
@@ -126,8 +127,15 @@ private void test() throws Exception {
SSLEngineResult result1; // clientEngine's results from last operation
SSLEngineResult result2; // serverEngine's results from last operation
- String [] suite1 = new String [] {
- "TLS_DHE_RSA_WITH_AES_128_CBC_SHA" };
+ String[] suite1;
+ if (!(Utils.isFIPS())) {
+ suite1 = new String [] {
+ "TLS_DHE_RSA_WITH_AES_128_CBC_SHA" };
+ } else {
+ suite1 = new String [] {
+ "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256" };
+ }
+
String [] suite2 = new String [] {
"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256" };
@@ -153,7 +161,7 @@ private void test() throws Exception {
result2 = serverEngine.unwrap(clientToServer, serverIn);
checkResult(clientToServer, serverIn, result2,
- Status.OK, HandshakeStatus.NEED_TASK, result1.bytesProduced(), 0);
+ Status.OK, HandshakeStatus.NEED_TASK, result1.bytesProduced(), 0);
runDelegatedTasks(serverEngine);
clientToServer.compact();
diff --git a/test/jdk/javax/net/ssl/SSLEngine/ConnectionTest.java b/test/jdk/javax/net/ssl/SSLEngine/ConnectionTest.java
index e1ed18e9fde..066a06b3bef 100644
--- a/test/jdk/javax/net/ssl/SSLEngine/ConnectionTest.java
+++ b/test/jdk/javax/net/ssl/SSLEngine/ConnectionTest.java
@@ -27,7 +27,7 @@
* @summary Add non-blocking SSL/TLS functionality, usable with any
* I/O abstraction
* @author Brad Wetmore
- *
+ * @library /test/lib
* @run main/othervm ConnectionTest TLSv1.2 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
* @run main/othervm ConnectionTest TLSv1.3 TLS_AES_256_GCM_SHA384
*/
@@ -44,6 +44,8 @@
import java.security.*;
import java.nio.*;
+import jdk.test.lib.Utils;
+
public class ConnectionTest {
private final SSLEngine clientEngine;
@@ -93,6 +95,7 @@ public ConnectionTest(String enabledProtocol, String enabledCipherSuite)
private SSLContext getSSLContext() throws Exception {
KeyStore ks = KeyStore.getInstance("JKS");
KeyStore ts = KeyStore.getInstance("JKS");
+
char[] passphrase = "passphrase".toCharArray();
ks.load(new FileInputStream(KEYSTORE_PATH), passphrase);
@@ -597,7 +600,9 @@ private static void log(Object msg) {
public static void main(String args[]) throws Exception {
// reset the security property to make sure that the algorithms
// and keys used in this test are not disabled.
- Security.setProperty("jdk.tls.disabledAlgorithms", "");
+ if (!(Utils.isFIPS())) {
+ Security.setProperty("jdk.tls.disabledAlgorithms", "");
+ }
log(String.format("Running with %s and %s%n", args[0], args[1]));
ConnectionTest ct = new ConnectionTest(args[0], args[1]);
diff --git a/test/jdk/javax/net/ssl/SSLEngine/EngineCloseOnAlert.java b/test/jdk/javax/net/ssl/SSLEngine/EngineCloseOnAlert.java
index 7a4f71d8171..e25b3cb2473 100644
--- a/test/jdk/javax/net/ssl/SSLEngine/EngineCloseOnAlert.java
+++ b/test/jdk/javax/net/ssl/SSLEngine/EngineCloseOnAlert.java
@@ -26,6 +26,7 @@
* @bug 8133632
* @summary javax.net.ssl.SSLEngine does not properly handle received
* SSL fatal alerts
+ * @library /test/lib
* @run main EngineCloseOnAlert
*/
@@ -37,6 +38,8 @@
import java.security.*;
import static javax.net.ssl.SSLEngineResult.HandshakeStatus.*;
+import jdk.test.lib.Utils;
+
public class EngineCloseOnAlert {
private static final String PATH_TO_STORES = "../etc";
@@ -53,8 +56,9 @@ public class EngineCloseOnAlert {
private static KeyManagerFactory KMF;
private static TrustManagerFactory TMF;
- private static final String[] ONECIPHER =
- { "TLS_RSA_WITH_AES_128_CBC_SHA" };
+ private static final String[] ONECIPHER = (Utils.isFIPS()) ?
+ new String[] { "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256" } : new String[] { "TLS_RSA_WITH_AES_128_CBC_SHA" };
+
public interface TestCase {
public void runTest() throws Exception;
diff --git a/test/jdk/javax/net/ssl/SSLEngine/ExtendedKeyEngine.java b/test/jdk/javax/net/ssl/SSLEngine/ExtendedKeyEngine.java
index 334091d7310..89602cbdc6d 100644
--- a/test/jdk/javax/net/ssl/SSLEngine/ExtendedKeyEngine.java
+++ b/test/jdk/javax/net/ssl/SSLEngine/ExtendedKeyEngine.java
@@ -26,7 +26,6 @@
* @bug 4981697
* @summary Rework the X509KeyManager to avoid incompatibility issues
* @author Brad R. Wetmore
- *
* @run main/othervm -Djdk.tls.acknowledgeCloseNotify=true ExtendedKeyEngine
*/
diff --git a/test/jdk/javax/net/ssl/SSLEngine/LargeBufs.java b/test/jdk/javax/net/ssl/SSLEngine/LargeBufs.java
index 76c181ccff4..6afcc648261 100644
--- a/test/jdk/javax/net/ssl/SSLEngine/LargeBufs.java
+++ b/test/jdk/javax/net/ssl/SSLEngine/LargeBufs.java
@@ -29,7 +29,7 @@
*
* This is to test larger buffer arrays, and make sure the maximum
* is being passed.
- *
+ * @library /test/lib
* @run main/othervm -Djsse.enableCBCProtection=false LargeBufs
*
* @author Brad R. Wetmore
@@ -43,6 +43,8 @@
import java.nio.*;
import java.util.Random;
+import jdk.test.lib.Utils;
+
public class LargeBufs {
private static boolean debug = true;
@@ -181,17 +183,22 @@ private void runTest(String cipher) throws Exception {
}
public static void main(String args[]) throws Exception {
- // reset the security property to make sure that the algorithms
- // and keys used in this test are not disabled.
- Security.setProperty("jdk.tls.disabledAlgorithms", "");
-
LargeBufs test;
- test = new LargeBufs();
- test.runTest("SSL_RSA_WITH_RC4_128_MD5");
-
- test = new LargeBufs();
- test.runTest("SSL_RSA_WITH_3DES_EDE_CBC_SHA");
+ if (!(Utils.isFIPS())) {
+ // reset the security property to make sure that the algorithms
+ // and keys used in this test are not disabled.
+ Security.setProperty("jdk.tls.disabledAlgorithms", "");
+ test = new LargeBufs();
+ test.runTest("SSL_RSA_WITH_RC4_128_MD5");
+ test = new LargeBufs();
+ test.runTest("SSL_RSA_WITH_3DES_EDE_CBC_SHA");
+ } else {
+ test = new LargeBufs();
+ test.runTest("TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256");
+ test = new LargeBufs();
+ test.runTest("TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384");
+ }
System.out.println("Test Passed.");
}
diff --git a/test/jdk/javax/net/ssl/SSLEngine/NoAuthClientAuth.java b/test/jdk/javax/net/ssl/SSLEngine/NoAuthClientAuth.java
index 208fb3935ae..74860fa2120 100644
--- a/test/jdk/javax/net/ssl/SSLEngine/NoAuthClientAuth.java
+++ b/test/jdk/javax/net/ssl/SSLEngine/NoAuthClientAuth.java
@@ -30,6 +30,7 @@
* @test
* @bug 4495742 8190492
* @summary Demonstrate SSLEngine switch from no client auth to client auth.
+ * @library /test/lib
* @run main/othervm NoAuthClientAuth SSLv3
* @run main/othervm NoAuthClientAuth TLSv1
* @run main/othervm NoAuthClientAuth TLSv1.1
@@ -82,6 +83,9 @@
import java.security.*;
import java.nio.*;
+import jdk.test.lib.Utils;
+import jdk.test.lib.security.SecurityUtils;
+
// Note that this test case depends on JSSE provider implementation details.
public class NoAuthClientAuth {
@@ -140,16 +144,49 @@ public class NoAuthClientAuth {
* Main entry point for this test.
*/
public static void main(String args[]) throws Exception {
- Security.setProperty("jdk.tls.disabledAlgorithms", "");
+ if (!(Utils.isFIPS())) {
+ Security.setProperty("jdk.tls.disabledAlgorithms", "");
+ tlsProtocol = args[0];
+ } else {
+ if (SecurityUtils.TLS_PROTOCOLS.contains(args[0])) {
+ tlsProtocol = args[0];
+ }
+ }
+ // if (tlsProtocol == null) {
+ // return;
+ // }
if (debug) {
System.setProperty("javax.net.debug", "all");
}
- tlsProtocol = args[0];
-
NoAuthClientAuth test = new NoAuthClientAuth();
- test.runTest();
+ try {
+ test.runTest();
+ } catch (java.lang.IllegalArgumentException iae) {
+ if (Utils.isFIPS()) {
+ if (tlsProtocol == null) {
+ if ("Unsupported protocolnull".equals(iae.getMessage())) {
+ System.out.println("Expected exception msg: is caught");
+ return;
+ } else {
+ System.out.println("Unexpected exception msg: <" + iae.getMessage() + "> is caught");
+ return;
+ }
+ } else {
+ System.out.println("Unexpected exception is caught");
+ iae.printStackTrace();
+ return;
+ }
+ } else {
+ System.out.println("Unexpected exception is caught in Non-FIPS mode");
+ iae.printStackTrace();
+ return;
+ }
+ } catch (Exception e) {
+ e.printStackTrace();
+ return;
+ }
System.out.println("Test Passed.");
}
diff --git a/test/jdk/javax/net/ssl/SSLEngine/SSLEngineResultArgs.java b/test/jdk/javax/net/ssl/SSLEngine/SSLEngineResultArgs.java
index 3685dca64df..079b6d535ed 100644
--- a/test/jdk/javax/net/ssl/SSLEngine/SSLEngineResultArgs.java
+++ b/test/jdk/javax/net/ssl/SSLEngine/SSLEngineResultArgs.java
@@ -25,7 +25,6 @@
* @test
* @bug 4965868
* @summary SSLEngineResult constructor needs null argument description
- *
* @author Brad Wetmore
*/
diff --git a/test/jdk/javax/net/ssl/SSLEngine/TestAllSuites.java b/test/jdk/javax/net/ssl/SSLEngine/TestAllSuites.java
index 67387bd1661..c4e4e3d8dcc 100644
--- a/test/jdk/javax/net/ssl/SSLEngine/TestAllSuites.java
+++ b/test/jdk/javax/net/ssl/SSLEngine/TestAllSuites.java
@@ -38,6 +38,7 @@
* @author Brad Wetmore
*/
+import jdk.test.lib.Utils;
import jdk.test.lib.security.SecurityUtils;
import javax.net.ssl.*;
@@ -89,7 +90,25 @@ private void createSSLEngines() {
}
private void test() throws Exception {
- String [] suites = clientEngine.getEnabledCipherSuites();
+ List tmpCipherSuites = new ArrayList<>();
+ String [] suites;
+ if (Utils.isFIPS()) {
+ for (String ciphersuite : clientEngine.getEnabledCipherSuites()) {
+ if (!SecurityUtils.TLS_CIPHERSUITES.containsKey(ciphersuite)) {
+ continue;
+ }
+ if (!SecurityUtils.TLS_CIPHERSUITES.get(ciphersuite).equals(PROTOCOL)) {
+ continue;
+ }
+ tmpCipherSuites.add(ciphersuite);
+ }
+ if (tmpCipherSuites.size() == 0) {
+ return;
+ }
+ suites = tmpCipherSuites.toArray(new String[0]);
+ } else {
+ suites = clientEngine.getEnabledCipherSuites();
+ }
System.out.println("Enabled cipher suites for protocol " + PROTOCOL +
": " + Arrays.toString(suites));
for (String suite: suites){
@@ -224,11 +243,17 @@ public static void main(String args[]) throws Exception {
if (args.length < 1) {
throw new RuntimeException("Missing TLS protocol parameter.");
}
-
- switch(args[0]) {
- case "TLSv1.1" -> SecurityUtils.removeFromDisabledTlsAlgs("TLSv1.1");
- case "TLSv1.3" -> SecurityUtils.addToDisabledTlsAlgs("TLSv1.2");
- }
+ if (!(Utils.isFIPS())) {
+ switch(args[0]) {
+ case "TLSv1.1" -> SecurityUtils.removeFromDisabledTlsAlgs("TLSv1.1");
+ case "TLSv1.3" -> SecurityUtils.addToDisabledTlsAlgs("TLSv1.2");
+ }
+ }
+ // else {
+ // if (!SecurityUtils.TLS_PROTOCOLS.contains(args[0])) {
+ // return;
+ // }
+ // }
TestAllSuites testAllSuites = new TestAllSuites(args[0]);
testAllSuites.createSSLEngines();
diff --git a/test/jdk/javax/net/ssl/SSLParameters/UseCipherSuitesOrder.java b/test/jdk/javax/net/ssl/SSLParameters/UseCipherSuitesOrder.java
index 58e387bcdad..baf768a2ad4 100644
--- a/test/jdk/javax/net/ssl/SSLParameters/UseCipherSuitesOrder.java
+++ b/test/jdk/javax/net/ssl/SSLParameters/UseCipherSuitesOrder.java
@@ -30,6 +30,7 @@
* @test
* @bug 7188657
* @summary There should be a way to reorder the JSSE ciphers
+ * @library /test/lib
* @run main/othervm UseCipherSuitesOrder
* TLS_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_CBC_SHA
*/
@@ -39,6 +40,8 @@
import javax.net.ssl.*;
import java.util.Arrays;
+import jdk.test.lib.Utils;
+
public class UseCipherSuitesOrder {
/*
@@ -174,6 +177,10 @@ private static void parseArguments(String[] args) throws Exception {
throw new Exception("Need to enable at least two cipher suites");
}
+ if (Utils.isFIPS()) {
+ cliEnabledCipherSuites = new String[] { "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256", "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384"};
+ }
+
// Only need to use 2 cipher suites in server side.
srvEnabledCipherSuites = Arrays.copyOf(
cliEnabledCipherSuites, 2);
@@ -197,7 +204,9 @@ private static void parseArguments(String[] args) throws Exception {
public static void main(String[] args) throws Exception {
// reset the security property to make sure that the algorithms
// and keys used in this test are not disabled.
- Security.setProperty("jdk.tls.disabledAlgorithms", "");
+ if (!(Utils.isFIPS())) {
+ Security.setProperty("jdk.tls.disabledAlgorithms", "");
+ }
// parse the arguments
parseArguments(args);
@@ -209,6 +218,11 @@ public static void main(String[] args) throws Exception {
System.getProperty("test.src", ".") + "/" + pathToStores +
"/" + trustStoreFile;
+ if (Utils.isFIPS()) {
+ keyFilename = Utils.revertJKSToPKCS12(keyFilename, passwd);
+ trustFilename = Utils.revertJKSToPKCS12(trustFilename, passwd);
+ }
+
System.setProperty("javax.net.ssl.keyStore", keyFilename);
System.setProperty("javax.net.ssl.keyStorePassword", passwd);
System.setProperty("javax.net.ssl.trustStore", trustFilename);
diff --git a/test/jdk/javax/net/ssl/SSLSession/HttpsURLConnectionLocalCertificateChain.java b/test/jdk/javax/net/ssl/SSLSession/HttpsURLConnectionLocalCertificateChain.java
index c6e9753a2c1..5ae7b17ad5e 100644
--- a/test/jdk/javax/net/ssl/SSLSession/HttpsURLConnectionLocalCertificateChain.java
+++ b/test/jdk/javax/net/ssl/SSLSession/HttpsURLConnectionLocalCertificateChain.java
@@ -24,6 +24,7 @@
/*
* @test
* @bug 4395238 4354003 4387961 4395266
+ * @library /test/lib
* @summary A test of many of the new functionality to go into JSSE 1.1
* Fixed 4395238: The new certificate chains APIs should really be
* returning certs, not x509 certs
@@ -42,6 +43,8 @@
import javax.net.ssl.*;
import java.security.cert.*;
+import jdk.test.lib.Utils;
+
public class HttpsURLConnectionLocalCertificateChain
implements HandshakeCompletedListener,
HostnameVerifier {
@@ -211,7 +214,6 @@ void doClientSide() throws Exception {
myURLc = (HttpsURLConnection) myURL.openConnection();
myURLc.setHostnameVerifier(this);
myURLc.connect();
-
InputStream sslIS = myURLc.getInputStream();
System.out.println("Client reading...");
@@ -245,6 +247,11 @@ public static void main(String[] args) throws Exception {
System.getProperty("test.src", "./") + "/" + pathToStores +
"/" + trustStoreFile;
+ if (Utils.isFIPS()) {
+ keyFilename = Utils.revertJKSToPKCS12(keyFilename, passwd);
+ trustFilename = Utils.revertJKSToPKCS12(trustFilename, passwd);
+ }
+
System.setProperty("javax.net.ssl.keyStore", keyFilename);
System.setProperty("javax.net.ssl.keyStorePassword", passwd);
System.setProperty("javax.net.ssl.trustStore", trustFilename);
diff --git a/test/jdk/javax/net/ssl/SSLSession/JSSERenegotiate.java b/test/jdk/javax/net/ssl/SSLSession/JSSERenegotiate.java
index 435dd2345d6..31225107ec0 100644
--- a/test/jdk/javax/net/ssl/SSLSession/JSSERenegotiate.java
+++ b/test/jdk/javax/net/ssl/SSLSession/JSSERenegotiate.java
@@ -24,6 +24,7 @@
/*
* @test
* @bug 4280338
+ * @library /test/lib
* @summary "Unsupported SSL message version" SSLProtocolException
* w/SSL_RSA_WITH_NULL_MD5
* @run main/othervm JSSERenegotiate
@@ -40,10 +41,12 @@
import java.security.Security;
import javax.net.ssl.*;
+import jdk.test.lib.Utils;
+
public class JSSERenegotiate {
- static final String suite1 = "SSL_RSA_WITH_NULL_MD5";
- static final String suite2 = "SSL_RSA_WITH_NULL_SHA";
+ static String suite1;
+ static String suite2;
static final String dataString = "This is a test";
@@ -193,7 +196,9 @@ void doClientSide() throws Exception {
public static void main(String[] args) throws Exception {
// reset the security property to make sure that the cipher suites
// used in this test are not disabled
- Security.setProperty("jdk.tls.disabledAlgorithms", "");
+ if (!(Utils.isFIPS())) {
+ Security.setProperty("jdk.tls.disabledAlgorithms", "");
+ }
String keyFilename =
System.getProperty("test.src", "./") + "/" + pathToStores +
@@ -202,6 +207,16 @@ public static void main(String[] args) throws Exception {
System.getProperty("test.src", "./") + "/" + pathToStores +
"/" + trustStoreFile;
+ if (Utils.isFIPS()) {
+ keyFilename = Utils.revertJKSToPKCS12(keyFilename, passwd);
+ trustFilename = Utils.revertJKSToPKCS12(trustFilename, passwd);
+ suite1 = "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256";
+ suite2 = "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384";
+ } else {
+ suite1 = "SSL_RSA_WITH_NULL_MD5";
+ suite2 = "SSL_RSA_WITH_NULL_SHA";
+ }
+
System.setProperty("javax.net.ssl.keyStore", keyFilename);
System.setProperty("javax.net.ssl.keyStorePassword", passwd);
System.setProperty("javax.net.ssl.trustStore", trustFilename);
diff --git a/test/jdk/javax/net/ssl/SSLSession/RenegotiateTLS13.java b/test/jdk/javax/net/ssl/SSLSession/RenegotiateTLS13.java
index 9495ee2d28a..7b5262fb1c6 100644
--- a/test/jdk/javax/net/ssl/SSLSession/RenegotiateTLS13.java
+++ b/test/jdk/javax/net/ssl/SSLSession/RenegotiateTLS13.java
@@ -23,6 +23,7 @@
/*
* @test
+ * @library /test/lib
* @run main/othervm -Djavax.net.debug=ssl RenegotiateTLS13
*/
@@ -40,6 +41,8 @@
import java.security.KeyStore;
import java.security.SecureRandom;
+import jdk.test.lib.Utils;
+
public class RenegotiateTLS13 {
static final String dataString = "This is a test";
@@ -139,6 +142,11 @@ public static void main(String[] args) throws Exception {
System.getProperty("test.src", "./") + "/" + pathToStores +
"/" + trustStoreFile;
+ if (Utils.isFIPS()) {
+ keyFilename = Utils.revertJKSToPKCS12(keyFilename, passwd);
+ trustFilename = Utils.revertJKSToPKCS12(trustFilename, passwd);
+ }
+
System.setProperty("javax.net.ssl.keyStore", keyFilename);
System.setProperty("javax.net.ssl.keyStorePassword", passwd);
System.setProperty("javax.net.ssl.trustStore", trustFilename);
diff --git a/test/jdk/javax/net/ssl/SSLSession/SSLCtxAccessToSessCtx.java b/test/jdk/javax/net/ssl/SSLSession/SSLCtxAccessToSessCtx.java
index 4e3b8e0b076..a05f925690a 100644
--- a/test/jdk/javax/net/ssl/SSLSession/SSLCtxAccessToSessCtx.java
+++ b/test/jdk/javax/net/ssl/SSLSession/SSLCtxAccessToSessCtx.java
@@ -24,6 +24,7 @@
/*
* @test
* @bug 4473210
+ * @library /test/lib
* @summary SSLSessionContext should be accessible from SSLContext
* @run main/othervm -Djdk.tls.server.enableSessionTicketExtension=false
* SSLCtxAccessToSessCtx
@@ -40,6 +41,8 @@
import java.util.concurrent.atomic.AtomicInteger;
import java.security.KeyStore;
+import jdk.test.lib.Utils;
+
public class SSLCtxAccessToSessCtx {
/*
@@ -172,6 +175,11 @@ public static void main(String[] args) throws Exception {
System.getProperty("test.src", "./") + "/" + pathToStores +
"/" + trustStoreFile;
+ if (Utils.isFIPS()) {
+ keyFilename = Utils.revertJKSToPKCS12(keyFilename, passwd);
+ trustFilename = Utils.revertJKSToPKCS12(trustFilename, passwd);
+ }
+
System.setProperty("javax.net.ssl.keyStore", keyFilename);
System.setProperty("javax.net.ssl.keyStorePassword", passwd);
System.setProperty("javax.net.ssl.trustStore", trustFilename);
diff --git a/test/jdk/javax/net/ssl/SSLSession/SessionCacheSizeTests.java b/test/jdk/javax/net/ssl/SSLSession/SessionCacheSizeTests.java
index bb61abb35d5..b3203d07ae0 100644
--- a/test/jdk/javax/net/ssl/SSLSession/SessionCacheSizeTests.java
+++ b/test/jdk/javax/net/ssl/SSLSession/SessionCacheSizeTests.java
@@ -29,6 +29,7 @@
/*
* @test
* @bug 4366807
+ * @library /test/lib
* @summary Need new APIs to get/set session timeout and session cache size.
* @run main/othervm SessionCacheSizeTests
*/
@@ -39,6 +40,8 @@
import java.util.*;
import java.security.*;
+import jdk.test.lib.Utils;
+
/**
* Session cache size tests cover the following cases:
* 1. Effect of system property javax.net.ssl.SessionCacheSize (this
@@ -305,6 +308,11 @@ public static void main(String[] args) throws Exception {
System.getProperty("test.src", "./") + "/" + pathToStores +
"/" + trustStoreFile;
+ if (Utils.isFIPS()) {
+ keyFilename = Utils.revertJKSToPKCS12(keyFilename, passwd);
+ trustFilename = Utils.revertJKSToPKCS12(trustFilename, passwd);
+ }
+
System.setProperty("javax.net.ssl.keyStore", keyFilename);
System.setProperty("javax.net.ssl.keyStorePassword", passwd);
System.setProperty("javax.net.ssl.trustStore", trustFilename);
diff --git a/test/jdk/javax/net/ssl/SSLSession/SessionTimeOutTests.java b/test/jdk/javax/net/ssl/SSLSession/SessionTimeOutTests.java
index c44c12f6c59..e4fb9410e9f 100644
--- a/test/jdk/javax/net/ssl/SSLSession/SessionTimeOutTests.java
+++ b/test/jdk/javax/net/ssl/SSLSession/SessionTimeOutTests.java
@@ -27,6 +27,7 @@
/*
* @test
* @bug 4366807
+ * @library /test/lib
* @summary Need new APIs to get/set session timeout and session cache size.
* @run main/othervm SessionTimeOutTests
*/
@@ -41,6 +42,8 @@
import java.util.concurrent.CountDownLatch;
import java.util.concurrent.TimeUnit;
+import jdk.test.lib.Utils;
+
/**
* Session reuse time-out tests cover the cases below:
* 1. general test, i.e timeout is set to x and session invalidates when
@@ -332,6 +335,11 @@ public static void main(String[] args) throws Exception {
System.getProperty("test.src", "./") + "/" + pathToStores +
"/" + trustStoreFile;
+ if (Utils.isFIPS()) {
+ keyFilename = Utils.revertJKSToPKCS12(keyFilename, passwd);
+ trustFilename = Utils.revertJKSToPKCS12(trustFilename, passwd);
+ }
+
System.setProperty("javax.net.ssl.keyStore", keyFilename);
System.setProperty("javax.net.ssl.keyStorePassword", passwd);
System.setProperty("javax.net.ssl.trustStore", trustFilename);
diff --git a/test/jdk/javax/net/ssl/SSLSession/TestEnabledProtocols.java b/test/jdk/javax/net/ssl/SSLSession/TestEnabledProtocols.java
index 4e56a9a655b..c4aa2c915a9 100644
--- a/test/jdk/javax/net/ssl/SSLSession/TestEnabledProtocols.java
+++ b/test/jdk/javax/net/ssl/SSLSession/TestEnabledProtocols.java
@@ -34,6 +34,7 @@
* 4701722 protocol mismatch exceptions should be consistent between
* SSLv3 and TLSv1
* @library /javax/net/ssl/templates
+ * @library /test/lib
* @run main/othervm TestEnabledProtocols
* @author Ram Marti
*/
@@ -52,6 +53,9 @@
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLSocket;
+import jdk.test.lib.Utils;
+import jdk.test.lib.security.SecurityUtils;
+
public class TestEnabledProtocols extends SSLSocketTemplate {
private final String[] serverProtocols;
@@ -165,121 +169,236 @@ private void failTest(Exception e, String message) {
}
public static void main(String[] args) throws Exception {
- Security.setProperty("jdk.tls.disabledAlgorithms", "");
-
- runCase(new String[] { "TLSv1" },
- new String[] { "TLSv1" },
- false, "TLSv1");
- runCase(new String[] { "TLSv1" },
- new String[] { "TLSv1", "SSLv2Hello" },
- true, null);
- runCase(new String[] { "TLSv1" },
- new String[] { "TLSv1", "SSLv3" },
- false, "TLSv1");
- runCase(new String[] { "TLSv1" },
- new String[] { "SSLv3", "SSLv2Hello" },
- true, null);
- runCase(new String[] { "TLSv1" },
- new String[] { "SSLv3" },
- true, null);
- runCase(new String[] { "TLSv1" },
- new String[] { "TLSv1", "SSLv3", "SSLv2Hello" },
- true, null);
-
- runCase(new String[] { "TLSv1", "SSLv2Hello" },
- new String[] { "TLSv1" },
- false, "TLSv1");
- runCase(new String[] { "TLSv1", "SSLv2Hello" },
- new String[] { "TLSv1", "SSLv2Hello" },
- false, "TLSv1");
- runCase(new String[] { "TLSv1", "SSLv2Hello" },
- new String[] { "TLSv1", "SSLv3" },
- false, "TLSv1");
- runCase(new String[] { "TLSv1", "SSLv2Hello" },
- new String[] { "SSLv3", "SSLv2Hello" },
- true, null);
- runCase(new String[] { "TLSv1", "SSLv2Hello" },
- new String[] { "SSLv3" },
- true, null);
- runCase(new String[] { "TLSv1", "SSLv2Hello" },
- new String[] { "TLSv1", "SSLv3", "SSLv2Hello" },
- false, "TLSv1");
-
- runCase(new String[] { "TLSv1", "SSLv3" },
- new String[] { "TLSv1" },
- false, "TLSv1");
- runCase(new String[] { "TLSv1", "SSLv3" },
- new String[] { "TLSv1", "SSLv2Hello" },
- true, null);
- runCase(new String[] { "TLSv1", "SSLv3" },
- new String[] { "TLSv1", "SSLv3" },
- false, "TLSv1");
- runCase(new String[] { "TLSv1", "SSLv3" },
- new String[] { "SSLv3", "SSLv2Hello" },
- true, null);
- runCase(new String[] { "TLSv1", "SSLv3" },
- new String[] { "SSLv3" },
- false, "SSLv3");
- runCase(new String[] { "TLSv1", "SSLv3" },
- new String[] { "TLSv1", "SSLv3", "SSLv2Hello" },
- true, null);
-
- runCase(new String[] { "SSLv3", "SSLv2Hello" },
- new String[] { "TLSv1" },
- true, null);
- runCase(new String[] { "SSLv3", "SSLv2Hello" },
- new String[] { "TLSv1", "SSLv2Hello" },
- true, null);
- runCase(new String[] { "SSLv3", "SSLv2Hello" },
- new String[] { "TLSv1", "SSLv3" },
- false, "SSLv3");
- runCase(new String[] { "SSLv3", "SSLv2Hello" },
- new String[] { "SSLv3", "SSLv2Hello" },
- false, "SSLv3");
- runCase(new String[] { "SSLv3", "SSLv2Hello" },
- new String[] { "SSLv3" },
- false, "SSLv3");
- runCase(new String[] { "SSLv3", "SSLv2Hello" },
- new String[] { "TLSv1", "SSLv3", "SSLv2Hello" },
- false, "SSLv3");
-
- runCase(new String[] { "SSLv3" },
- new String[] { "TLSv1" },
- true, null);
- runCase(new String[] { "SSLv3" },
- new String[] { "TLSv1", "SSLv2Hello" },
- true, null);
- runCase(new String[] { "SSLv3" },
- new String[] { "TLSv1", "SSLv3" },
- false, "SSLv3");
- runCase(new String[] { "SSLv3" },
- new String[] { "SSLv3", "SSLv2Hello" },
- true, null);
- runCase(new String[] { "SSLv3" },
- new String[] { "SSLv3" },
- false, "SSLv3");
- runCase(new String[] { "SSLv3" },
- new String[] { "TLSv1", "SSLv3", "SSLv2Hello" },
- true, null);
-
- runCase(new String[] { "TLSv1", "SSLv3", "SSLv2Hello" },
- new String[] { "TLSv1" },
- false, "TLSv1");
- runCase(new String[] { "TLSv1", "SSLv3", "SSLv2Hello" },
- new String[] { "TLSv1", "SSLv2Hello" },
- false, "TLSv1");
- runCase(new String[] { "TLSv1", "SSLv3", "SSLv2Hello" },
- new String[] { "TLSv1", "SSLv3" },
- false, "TLSv1");
- runCase(new String[] { "TLSv1", "SSLv3", "SSLv2Hello" },
- new String[] { "SSLv3", "SSLv2Hello" },
- false, "SSLv3");
- runCase(new String[] { "TLSv1", "SSLv3", "SSLv2Hello" },
- new String[] { "SSLv3" },
- false, "SSLv3");
- runCase(new String[] { "TLSv1", "SSLv3", "SSLv2Hello" },
- new String[] { "TLSv1", "SSLv3", "SSLv2Hello" },
- false, "TLSv1");
+ if (!(Utils.isFIPS())) {
+ Security.setProperty("jdk.tls.disabledAlgorithms", "");
+ runCase(new String[] { "TLSv1" },
+ new String[] { "TLSv1" },
+ false, "TLSv1");
+ runCase(new String[] { "TLSv1" },
+ new String[] { "TLSv1", "SSLv2Hello" },
+ true, null);
+ runCase(new String[] { "TLSv1" },
+ new String[] { "TLSv1", "SSLv3" },
+ false, "TLSv1");
+ runCase(new String[] { "TLSv1" },
+ new String[] { "SSLv3", "SSLv2Hello" },
+ true, null);
+ runCase(new String[] { "TLSv1" },
+ new String[] { "SSLv3" },
+ true, null);
+ runCase(new String[] { "TLSv1" },
+ new String[] { "TLSv1", "SSLv3", "SSLv2Hello" },
+ true, null);
+
+ runCase(new String[] { "TLSv1", "SSLv2Hello" },
+ new String[] { "TLSv1" },
+ false, "TLSv1");
+ runCase(new String[] { "TLSv1", "SSLv2Hello" },
+ new String[] { "TLSv1", "SSLv2Hello" },
+ false, "TLSv1");
+ runCase(new String[] { "TLSv1", "SSLv2Hello" },
+ new String[] { "TLSv1", "SSLv3" },
+ false, "TLSv1");
+ runCase(new String[] { "TLSv1", "SSLv2Hello" },
+ new String[] { "SSLv3", "SSLv2Hello" },
+ true, null);
+ runCase(new String[] { "TLSv1", "SSLv2Hello" },
+ new String[] { "SSLv3" },
+ true, null);
+ runCase(new String[] { "TLSv1", "SSLv2Hello" },
+ new String[] { "TLSv1", "SSLv3", "SSLv2Hello" },
+ false, "TLSv1");
+
+ runCase(new String[] { "TLSv1", "SSLv3" },
+ new String[] { "TLSv1" },
+ false, "TLSv1");
+ runCase(new String[] { "TLSv1", "SSLv3" },
+ new String[] { "TLSv1", "SSLv2Hello" },
+ true, null);
+ runCase(new String[] { "TLSv1", "SSLv3" },
+ new String[] { "TLSv1", "SSLv3" },
+ false, "TLSv1");
+ runCase(new String[] { "TLSv1", "SSLv3" },
+ new String[] { "SSLv3", "SSLv2Hello" },
+ true, null);
+ runCase(new String[] { "TLSv1", "SSLv3" },
+ new String[] { "SSLv3" },
+ false, "SSLv3");
+ runCase(new String[] { "TLSv1", "SSLv3" },
+ new String[] { "TLSv1", "SSLv3", "SSLv2Hello" },
+ true, null);
+
+ runCase(new String[] { "SSLv3", "SSLv2Hello" },
+ new String[] { "TLSv1" },
+ true, null);
+ runCase(new String[] { "SSLv3", "SSLv2Hello" },
+ new String[] { "TLSv1", "SSLv2Hello" },
+ true, null);
+ runCase(new String[] { "SSLv3", "SSLv2Hello" },
+ new String[] { "TLSv1", "SSLv3" },
+ false, "SSLv3");
+ runCase(new String[] { "SSLv3", "SSLv2Hello" },
+ new String[] { "SSLv3", "SSLv2Hello" },
+ false, "SSLv3");
+ runCase(new String[] { "SSLv3", "SSLv2Hello" },
+ new String[] { "SSLv3" },
+ false, "SSLv3");
+ runCase(new String[] { "SSLv3", "SSLv2Hello" },
+ new String[] { "TLSv1", "SSLv3", "SSLv2Hello" },
+ false, "SSLv3");
+
+ runCase(new String[] { "SSLv3" },
+ new String[] { "TLSv1" },
+ true, null);
+ runCase(new String[] { "SSLv3" },
+ new String[] { "TLSv1", "SSLv2Hello" },
+ true, null);
+ runCase(new String[] { "SSLv3" },
+ new String[] { "TLSv1", "SSLv3" },
+ false, "SSLv3");
+ runCase(new String[] { "SSLv3" },
+ new String[] { "SSLv3", "SSLv2Hello" },
+ true, null);
+ runCase(new String[] { "SSLv3" },
+ new String[] { "SSLv3" },
+ false, "SSLv3");
+ runCase(new String[] { "SSLv3" },
+ new String[] { "TLSv1", "SSLv3", "SSLv2Hello" },
+ true, null);
+
+ runCase(new String[] { "TLSv1", "SSLv3", "SSLv2Hello" },
+ new String[] { "TLSv1" },
+ false, "TLSv1");
+ runCase(new String[] { "TLSv1", "SSLv3", "SSLv2Hello" },
+ new String[] { "TLSv1", "SSLv2Hello" },
+ false, "TLSv1");
+ runCase(new String[] { "TLSv1", "SSLv3", "SSLv2Hello" },
+ new String[] { "TLSv1", "SSLv3" },
+ false, "TLSv1");
+ runCase(new String[] { "TLSv1", "SSLv3", "SSLv2Hello" },
+ new String[] { "SSLv3", "SSLv2Hello" },
+ false, "SSLv3");
+ runCase(new String[] { "TLSv1", "SSLv3", "SSLv2Hello" },
+ new String[] { "SSLv3" },
+ false, "SSLv3");
+ runCase(new String[] { "TLSv1", "SSLv3", "SSLv2Hello" },
+ new String[] { "TLSv1", "SSLv3", "SSLv2Hello" },
+ false, "TLSv1");
+ } else {
+ runCase(new String[] { "TLSv1" },
+ new String[] { "TLSv1" },
+ true, "TLSv1");
+ runCase(new String[] { "TLSv1" },
+ new String[] { "TLSv1", "SSLv2Hello" },
+ true, null);
+ runCase(new String[] { "TLSv1" },
+ new String[] { "TLSv1", "SSLv3" },
+ true, "TLSv1");
+ runCase(new String[] { "TLSv1" },
+ new String[] { "SSLv3", "SSLv2Hello" },
+ true, null);
+ runCase(new String[] { "TLSv1" },
+ new String[] { "SSLv3" },
+ true, null);
+ runCase(new String[] { "TLSv1" },
+ new String[] { "TLSv1", "SSLv3", "SSLv2Hello" },
+ true, null);
+
+ runCase(new String[] { "TLSv1", "SSLv2Hello" },
+ new String[] { "TLSv1" },
+ true, "TLSv1");
+ runCase(new String[] { "TLSv1", "SSLv2Hello" },
+ new String[] { "TLSv1", "SSLv2Hello" },
+ true, "TLSv1");
+ runCase(new String[] { "TLSv1", "SSLv2Hello" },
+ new String[] { "TLSv1", "SSLv3" },
+ true, "TLSv1");
+ runCase(new String[] { "TLSv1", "SSLv2Hello" },
+ new String[] { "SSLv3", "SSLv2Hello" },
+ true, null);
+ runCase(new String[] { "TLSv1", "SSLv2Hello" },
+ new String[] { "SSLv3" },
+ true, null);
+ runCase(new String[] { "TLSv1", "SSLv2Hello" },
+ new String[] { "TLSv1", "SSLv3", "SSLv2Hello" },
+ true, "TLSv1");
+
+ runCase(new String[] { "TLSv1", "SSLv3" },
+ new String[] { "TLSv1" },
+ true, "TLSv1");
+ runCase(new String[] { "TLSv1", "SSLv3" },
+ new String[] { "TLSv1", "SSLv2Hello" },
+ true, null);
+ runCase(new String[] { "TLSv1", "SSLv3" },
+ new String[] { "TLSv1", "SSLv3" },
+ true, "TLSv1");
+ runCase(new String[] { "TLSv1", "SSLv3" },
+ new String[] { "SSLv3", "SSLv2Hello" },
+ true, null);
+ runCase(new String[] { "TLSv1", "SSLv3" },
+ new String[] { "SSLv3" },
+ true, "SSLv3");
+ runCase(new String[] { "TLSv1", "SSLv3" },
+ new String[] { "TLSv1", "SSLv3", "SSLv2Hello" },
+ true, null);
+
+ runCase(new String[] { "SSLv3", "SSLv2Hello" },
+ new String[] { "TLSv1" },
+ true, null);
+ runCase(new String[] { "SSLv3", "SSLv2Hello" },
+ new String[] { "TLSv1", "SSLv2Hello" },
+ true, null);
+ runCase(new String[] { "SSLv3", "SSLv2Hello" },
+ new String[] { "TLSv1", "SSLv3" },
+ true, "SSLv3");
+ runCase(new String[] { "SSLv3", "SSLv2Hello" },
+ new String[] { "SSLv3", "SSLv2Hello" },
+ true, "SSLv3");
+ runCase(new String[] { "SSLv3", "SSLv2Hello" },
+ new String[] { "SSLv3" },
+ true, "SSLv3");
+ runCase(new String[] { "SSLv3", "SSLv2Hello" },
+ new String[] { "TLSv1", "SSLv3", "SSLv2Hello" },
+ true, "SSLv3");
+
+ runCase(new String[] { "SSLv3" },
+ new String[] { "TLSv1" },
+ true, null);
+ runCase(new String[] { "SSLv3" },
+ new String[] { "TLSv1", "SSLv2Hello" },
+ true, null);
+ runCase(new String[] { "SSLv3" },
+ new String[] { "TLSv1", "SSLv3" },
+ true, "SSLv3");
+ runCase(new String[] { "SSLv3" },
+ new String[] { "SSLv3", "SSLv2Hello" },
+ true, null);
+ runCase(new String[] { "SSLv3" },
+ new String[] { "SSLv3" },
+ true, "SSLv3");
+ runCase(new String[] { "SSLv3" },
+ new String[] { "TLSv1", "SSLv3", "SSLv2Hello" },
+ true, null);
+
+ runCase(new String[] { "TLSv1", "SSLv3", "SSLv2Hello" },
+ new String[] { "TLSv1" },
+ true, "TLSv1");
+ runCase(new String[] { "TLSv1", "SSLv3", "SSLv2Hello" },
+ new String[] { "TLSv1", "SSLv2Hello" },
+ true, "TLSv1");
+ runCase(new String[] { "TLSv1", "SSLv3", "SSLv2Hello" },
+ new String[] { "TLSv1", "SSLv3" },
+ true, "TLSv1");
+ runCase(new String[] { "TLSv1", "SSLv3", "SSLv2Hello" },
+ new String[] { "SSLv3", "SSLv2Hello" },
+ true, "SSLv3");
+ runCase(new String[] { "TLSv1", "SSLv3", "SSLv2Hello" },
+ new String[] { "SSLv3" },
+ true, "SSLv3");
+ runCase(new String[] { "TLSv1", "SSLv3", "SSLv2Hello" },
+ new String[] { "TLSv1", "SSLv3", "SSLv2Hello" },
+ true, "TLSv1");
+ }
}
private static void runCase(
diff --git a/test/jdk/javax/net/ssl/SSLSocket/ClientExcOnAlert.java b/test/jdk/javax/net/ssl/SSLSocket/ClientExcOnAlert.java
index 063befba3b7..88e9f08edae 100644
--- a/test/jdk/javax/net/ssl/SSLSocket/ClientExcOnAlert.java
+++ b/test/jdk/javax/net/ssl/SSLSocket/ClientExcOnAlert.java
@@ -55,6 +55,9 @@
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
+import java.security.cert.CertificateFactory;
+import java.security.cert.X509Certificate;
+
public class ClientExcOnAlert {
// This is a PKCS#12 keystore created with the following command:
// keytool -genkeypair -alias testcert -keyalg rsa -keysize 2048
@@ -66,6 +69,7 @@ public class ClientExcOnAlert {
// file.
private static int serverPort = -1;
private static final String KEYSTORE_PASS = "password";
+ // private static final String KEYSTORE_PEM_FIPS = ;
private static final String KEYSTORE_PEM =
"MIIJrwIBAzCCCWgGCSqGSIb3DQEHAaCCCVkEgglVMIIJUTCCBW0GCSqGSIb3DQEH\n" +
"AaCCBV4EggVaMIIFVjCCBVIGCyqGSIb3DQEMCgECoIIE+zCCBPcwKQYKKoZIhvcN\n" +
@@ -124,6 +128,7 @@ public class ClientExcOnAlert {
static final Condition serverReady = lock.newCondition();
public static void main(String[] args) throws Exception {
+ printPEM(KEYSTORE_PEM);
Thread serverThread = new Thread(() -> {
try {
doServerSide();
@@ -134,7 +139,6 @@ public static void main(String[] args) throws Exception {
}
);
serverThread.start();
-
try {
doClientSide((args == null || args.length < 1) ? null : args[0]);
throw new RuntimeException("Expected SSLException did not occur!");
@@ -143,7 +147,6 @@ public static void main(String[] args) throws Exception {
} finally {
serverThread.join();
}
-
}
static void doServerSide() throws Exception {
@@ -151,11 +154,10 @@ static void doServerSide() throws Exception {
SSLContext sslc = SSLContext.getInstance("TLS");
log("doServerSide start");
KeyManagerFactory kmf = createKeyManagerFactory(KEYSTORE_PEM,
- KEYSTORE_PASS);
+ KEYSTORE_PASS);
sslc.init(kmf.getKeyManagers(), null, null);
SSLServerSocketFactory ssf =
(SSLServerSocketFactory)sslc.getServerSocketFactory();
-
try (SSLServerSocket sslServerSocket =
(SSLServerSocket)ssf.createServerSocket(0)) {
sslServerSocket.setReuseAddress(true);
@@ -247,4 +249,24 @@ private static void log(String msgFmt, Object ... args) {
sb.append(String.format(msgFmt, args));
System.out.println(sb.toString());
}
-}
+
+ private static void printPEM(String KEYSTORE_PEM) {
+ Base64.Decoder b64dec = Base64.getMimeDecoder();
+ byte[] pemBytes = b64dec.decode(KEYSTORE_PEM);
+
+ try {
+ CertificateFactory certFactory = CertificateFactory.getInstance("X.509");
+ X509Certificate cert = (X509Certificate) certFactory.generateCertificate(new ByteArrayInputStream(pemBytes));
+
+ System.out.println("Certificate:");
+ System.out.println(" Subject: " + cert.getSubjectX500Principal().getName());
+ System.out.println(" Issuer: " + cert.getIssuerX500Principal().getName());
+ System.out.println(" Serial Number: " + cert.getSerialNumber());
+ System.out.println(" Valid from: " + cert.getNotBefore());
+ System.out.println(" Valid until: " + cert.getNotAfter());
+ System.out.println(" Public Key Algorithm: " + cert.getPublicKey().getAlgorithm());
+ } catch (Exception e) {
+ e.printStackTrace();
+ }
+ }
+}
\ No newline at end of file
diff --git a/test/jdk/javax/net/ssl/ServerName/BestEffortOnLazyConnected.java b/test/jdk/javax/net/ssl/ServerName/BestEffortOnLazyConnected.java
index bda0710f61e..46dd8d629c2 100644
--- a/test/jdk/javax/net/ssl/ServerName/BestEffortOnLazyConnected.java
+++ b/test/jdk/javax/net/ssl/ServerName/BestEffortOnLazyConnected.java
@@ -30,6 +30,7 @@
* @test
* @bug 8144566
* @summary Custom HostnameVerifier disables SNI extension
+ * @library /test/lib
* @run main/othervm BestEffortOnLazyConnected
*/
@@ -37,6 +38,8 @@
import java.net.*;
import javax.net.ssl.*;
+import jdk.test.lib.Utils;
+
public class BestEffortOnLazyConnected {
/*
@@ -171,6 +174,11 @@ public static void main(String[] args) throws Exception {
System.getProperty("test.src", ".") + "/" + pathToStores +
"/" + trustStoreFile;
+ if (Utils.isFIPS()) {
+ keyFilename = Utils.revertJKSToPKCS12(keyFilename, passwd);
+ trustFilename = Utils.revertJKSToPKCS12(trustFilename, passwd);
+ }
+
System.setProperty("javax.net.ssl.keyStore", keyFilename);
System.setProperty("javax.net.ssl.keyStorePassword", passwd);
System.setProperty("javax.net.ssl.trustStore", trustFilename);
diff --git a/test/jdk/javax/net/ssl/ServerName/SSLEngineExplorer.java b/test/jdk/javax/net/ssl/ServerName/SSLEngineExplorer.java
index 64a62158eee..48d7fe00cfe 100644
--- a/test/jdk/javax/net/ssl/ServerName/SSLEngineExplorer.java
+++ b/test/jdk/javax/net/ssl/ServerName/SSLEngineExplorer.java
@@ -31,6 +31,7 @@
* @bug 7068321 8190492
* @summary Support TLS Server Name Indication (SNI) Extension in JSSE Server
* @library ../SSLEngine ../templates
+ * @library /test/lib
* @build SSLEngineService SSLCapabilities SSLExplorer
* @run main/othervm SSLEngineExplorer SSLv2Hello,SSLv3
* @run main/othervm SSLEngineExplorer SSLv3
@@ -46,6 +47,9 @@
import java.nio.channels.*;
import java.security.Security;
+import jdk.test.lib.Utils;
+import jdk.test.lib.security.SecurityUtils;
+
public class SSLEngineExplorer extends SSLEngineService {
/*
@@ -220,7 +224,19 @@ void checkCapabilities(SSLCapabilities capabilities,
private static String[] supportedProtocols; // supported protocols
private static void parseArguments(String[] args) {
- supportedProtocols = args[0].split(",");
+ List supportProtocols = new ArrayList<>();
+ for (String supportProtocol : args[0].split(",")) {
+ System.out.println("the args[0] is: " + supportProtocol);
+ if (!SecurityUtils.TLS_PROTOCOLS.contains(supportProtocol)) {
+ continue;
+ }
+ System.out.println("SupportProtocol is: " + supportProtocol);
+ supportProtocols.add(supportProtocol);
+ }
+ supportedProtocols = supportProtocols.toArray(new String[0]);
+ for (String s : supportedProtocols) {
+ System.out.println("SupportedProtocols is: " + s);
+ }
}
@@ -237,7 +253,9 @@ private static void parseArguments(String[] args) {
public static void main(String args[]) throws Exception {
// reset the security property to make sure that the algorithms
// and keys used in this test are not disabled.
- Security.setProperty("jdk.tls.disabledAlgorithms", "");
+ if (!(Utils.isFIPS())) {
+ Security.setProperty("jdk.tls.disabledAlgorithms", "");
+ }
if (debug)
System.setProperty("javax.net.debug", "all");
@@ -245,9 +263,35 @@ public static void main(String args[]) throws Exception {
/*
* Get the customized arguments.
*/
+ System.out.println("args is: " + args);
parseArguments(args);
- new SSLEngineExplorer();
+ try {
+ new SSLEngineExplorer();
+ } catch (javax.net.ssl.SSLHandshakeException sslhe) {
+ if (Utils.isFIPS()) {
+ if (supportedProtocols == null || supportedProtocols.length == 0) {
+ if ("No appropriate protocol (protocol is disabled or cipher suites are inappropriate)".equals(sslhe.getMessage())) {
+ System.out.println("Expected exception msg: is caught");
+ return;
+ } else {
+ System.out.println("Unexpected exception msg: <" + sslhe.getMessage() + "> is caught");
+ return;
+ }
+ } else {
+ System.out.println("Unexpected exception is caught");
+ sslhe.printStackTrace();
+ return;
+ }
+ } else {
+ System.out.println("Unexpected exception is caught in Non-FIPS mode");
+ sslhe.printStackTrace();
+ return;
+ }
+ } catch (Exception e) {
+ e.printStackTrace();
+ return;
+ }
}
Thread clientThread = null;
diff --git a/test/jdk/javax/net/ssl/ServerName/SSLSocketConsistentSNI.java b/test/jdk/javax/net/ssl/ServerName/SSLSocketConsistentSNI.java
index 38d999aa3ef..1f1dd15fa82 100644
--- a/test/jdk/javax/net/ssl/ServerName/SSLSocketConsistentSNI.java
+++ b/test/jdk/javax/net/ssl/ServerName/SSLSocketConsistentSNI.java
@@ -30,6 +30,7 @@
* @test
* @bug 7068321
* @summary Support TLS Server Name Indication (SNI) Extension in JSSE Server
+ * @library /test/lib
* @run main/othervm SSLSocketConsistentSNI
*/
@@ -40,6 +41,8 @@
import java.net.*;
import javax.net.ssl.*;
+import jdk.test.lib.Utils;
+
public class SSLSocketConsistentSNI {
/*
@@ -218,6 +221,11 @@ public static void main(String[] args) throws Exception {
System.getProperty("test.src", ".") + "/" + pathToStores +
"/" + trustStoreFile;
+ if (Utils.isFIPS()) {
+ keyFilename = Utils.revertJKSToPKCS12(keyFilename, passwd);
+ trustFilename = Utils.revertJKSToPKCS12(trustFilename, passwd);
+ }
+
System.setProperty("javax.net.ssl.keyStore", keyFilename);
System.setProperty("javax.net.ssl.keyStorePassword", passwd);
System.setProperty("javax.net.ssl.trustStore", trustFilename);
diff --git a/test/jdk/javax/net/ssl/ServerName/SSLSocketExplorer.java b/test/jdk/javax/net/ssl/ServerName/SSLSocketExplorer.java
index 4992553eba9..b5fbdbddc9a 100644
--- a/test/jdk/javax/net/ssl/ServerName/SSLSocketExplorer.java
+++ b/test/jdk/javax/net/ssl/ServerName/SSLSocketExplorer.java
@@ -31,6 +31,7 @@
* @bug 7068321 8190492
* @summary Support TLS Server Name Indication (SNI) Extension in JSSE Server
* @library ../templates
+ * @library /test/lib
* @build SSLCapabilities SSLExplorer
* @run main/othervm SSLSocketExplorer SSLv2Hello,SSLv3
* @run main/othervm SSLSocketExplorer SSLv3
@@ -47,6 +48,9 @@
import javax.net.ssl.*;
import java.security.Security;
+import jdk.test.lib.Utils;
+import jdk.test.lib.security.SecurityUtils;
+
public class SSLSocketExplorer {
/*
@@ -212,7 +216,14 @@ void checkCapabilities(SSLCapabilities capabilities,
private static String[] supportedProtocols; // supported protocols
private static void parseArguments(String[] args) {
- supportedProtocols = args[0].split(",");
+ List supportProtocols = new ArrayList<>();
+ for (String supportProtocol : args[0].split(",")) {
+ if (!SecurityUtils.TLS_PROTOCOLS.contains(supportProtocol)) {
+ continue;
+ }
+ supportProtocols.add(supportProtocol);
+ }
+ supportedProtocols = supportProtocols.toArray(new String[0]);
}
@@ -230,7 +241,9 @@ private static void parseArguments(String[] args) {
public static void main(String[] args) throws Exception {
// reset the security property to make sure that the algorithms
// and keys used in this test are not disabled.
- Security.setProperty("jdk.tls.disabledAlgorithms", "");
+ if (!(Utils.isFIPS())) {
+ Security.setProperty("jdk.tls.disabledAlgorithms", "");
+ }
String keyFilename =
System.getProperty("test.src", ".") + "/" + pathToStores +
@@ -239,6 +252,11 @@ public static void main(String[] args) throws Exception {
System.getProperty("test.src", ".") + "/" + pathToStores +
"/" + trustStoreFile;
+ if (Utils.isFIPS()) {
+ keyFilename = Utils.revertJKSToPKCS12(keyFilename, passwd);
+ trustFilename = Utils.revertJKSToPKCS12(trustFilename, passwd);
+ }
+
System.setProperty("javax.net.ssl.keyStore", keyFilename);
System.setProperty("javax.net.ssl.keyStorePassword", passwd);
System.setProperty("javax.net.ssl.trustStore", trustFilename);
@@ -255,7 +273,32 @@ public static void main(String[] args) throws Exception {
/*
* Start the tests.
*/
- new SSLSocketExplorer();
+ try {
+ new SSLSocketExplorer();
+ } catch (javax.net.ssl.SSLHandshakeException sslhe) {
+ if (Utils.isFIPS()) {
+ if (supportedProtocols == null || supportedProtocols.length == 0) {
+ if ("No appropriate protocol (protocol is disabled or cipher suites are inappropriate)".equals(sslhe.getMessage())) {
+ System.out.println("Expected exception msg: is caught");
+ return;
+ } else {
+ System.out.println("Unexpected exception msg: <" + sslhe.getMessage() + "> is caught");
+ return;
+ }
+ } else {
+ System.out.println("Unexpected exception is caught");
+ sslhe.printStackTrace();
+ return;
+ }
+ } else {
+ System.out.println("Unexpected exception is caught in Non-FIPS mode");
+ sslhe.printStackTrace();
+ return;
+ }
+ } catch (Exception e) {
+ e.printStackTrace();
+ return;
+ }
}
Thread clientThread = null;
diff --git a/test/jdk/javax/net/ssl/ServerName/SSLSocketExplorerFailure.java b/test/jdk/javax/net/ssl/ServerName/SSLSocketExplorerFailure.java
index 00d00001d87..2ea95b3d78d 100644
--- a/test/jdk/javax/net/ssl/ServerName/SSLSocketExplorerFailure.java
+++ b/test/jdk/javax/net/ssl/ServerName/SSLSocketExplorerFailure.java
@@ -31,6 +31,7 @@
* @bug 7068321
* @summary Support TLS Server Name Indication (SNI) Extension in JSSE Server
* @library ../templates
+ * @library /test/lib
* @build SSLCapabilities SSLExplorer
* @run main/othervm SSLSocketExplorerFailure SSLv2Hello,SSLv3
* @run main/othervm SSLSocketExplorerFailure SSLv3
@@ -47,6 +48,8 @@
import javax.net.ssl.*;
import java.security.Security;
+import jdk.test.lib.Utils;
+
public class SSLSocketExplorerFailure {
/*
@@ -233,9 +236,11 @@ private static void parseArguments(String[] args) {
volatile Exception clientException = null;
public static void main(String[] args) throws Exception {
- Security.setProperty("jdk.tls.disabledAlgorithms", "");
- Security.setProperty("jdk.certpath.disabledAlgorithms", "");
-
+ if (!(Utils.isFIPS())) {
+ Security.setProperty("jdk.tls.disabledAlgorithms", "");
+ Security.setProperty("jdk.certpath.disabledAlgorithms", "");
+ }
+
String keyFilename =
System.getProperty("test.src", ".") + "/" + pathToStores +
"/" + keyStoreFile;
diff --git a/test/jdk/javax/net/ssl/ServerName/SSLSocketExplorerMatchedSNI.java b/test/jdk/javax/net/ssl/ServerName/SSLSocketExplorerMatchedSNI.java
index 724a37e1a80..5d30d861ed1 100644
--- a/test/jdk/javax/net/ssl/ServerName/SSLSocketExplorerMatchedSNI.java
+++ b/test/jdk/javax/net/ssl/ServerName/SSLSocketExplorerMatchedSNI.java
@@ -31,6 +31,7 @@
* @bug 7068321
* @summary Support TLS Server Name Indication (SNI) Extension in JSSE Server
* @library ../templates
+ * @library /test/lib
* @build SSLCapabilities SSLExplorer
* @run main/othervm SSLSocketExplorerMatchedSNI www.example.com
* www\.example\.com
@@ -51,6 +52,8 @@
import java.net.*;
import javax.net.ssl.*;
+import jdk.test.lib.Utils;
+
public class SSLSocketExplorerMatchedSNI {
/*
@@ -291,6 +294,11 @@ public static void main(String[] args) throws Exception {
System.getProperty("test.src", ".") + "/" + pathToStores +
"/" + trustStoreFile;
+ if (Utils.isFIPS()) {
+ keyFilename = Utils.revertJKSToPKCS12(keyFilename, passwd);
+ trustFilename = Utils.revertJKSToPKCS12(trustFilename, passwd);
+ }
+
System.setProperty("javax.net.ssl.keyStore", keyFilename);
System.setProperty("javax.net.ssl.keyStorePassword", passwd);
System.setProperty("javax.net.ssl.trustStore", trustFilename);
diff --git a/test/jdk/javax/net/ssl/ServerName/SSLSocketExplorerWithCliSNI.java b/test/jdk/javax/net/ssl/ServerName/SSLSocketExplorerWithCliSNI.java
index 8f2b7816864..9907a06cb1e 100644
--- a/test/jdk/javax/net/ssl/ServerName/SSLSocketExplorerWithCliSNI.java
+++ b/test/jdk/javax/net/ssl/ServerName/SSLSocketExplorerWithCliSNI.java
@@ -31,6 +31,7 @@
* @bug 7068321
* @summary Support TLS Server Name Indication (SNI) Extension in JSSE Server
* @library ../templates
+ * @library /test/lib
* @build SSLCapabilities SSLExplorer
* @run main/othervm SSLSocketExplorerWithCliSNI
*/
@@ -42,6 +43,8 @@
import java.net.*;
import javax.net.ssl.*;
+import jdk.test.lib.Utils;
+
public class SSLSocketExplorerWithCliSNI {
/*
@@ -268,6 +271,11 @@ public static void main(String[] args) throws Exception {
System.getProperty("test.src", ".") + "/" + pathToStores +
"/" + trustStoreFile;
+ if (Utils.isFIPS()) {
+ keyFilename = Utils.revertJKSToPKCS12(keyFilename, passwd);
+ trustFilename = Utils.revertJKSToPKCS12(trustFilename, passwd);
+ }
+
System.setProperty("javax.net.ssl.keyStore", keyFilename);
System.setProperty("javax.net.ssl.keyStorePassword", passwd);
System.setProperty("javax.net.ssl.trustStore", trustFilename);
diff --git a/test/jdk/javax/net/ssl/ServerName/SSLSocketExplorerWithSrvSNI.java b/test/jdk/javax/net/ssl/ServerName/SSLSocketExplorerWithSrvSNI.java
index f026f32e781..ca677acfe62 100644
--- a/test/jdk/javax/net/ssl/ServerName/SSLSocketExplorerWithSrvSNI.java
+++ b/test/jdk/javax/net/ssl/ServerName/SSLSocketExplorerWithSrvSNI.java
@@ -31,6 +31,7 @@
* @bug 7068321
* @summary Support TLS Server Name Indication (SNI) Extension in JSSE Server
* @library ../templates
+ * @library /test/lib
* @build SSLCapabilities SSLExplorer
* @run main/othervm SSLSocketExplorerWithSrvSNI
*/
@@ -42,6 +43,8 @@
import java.net.*;
import javax.net.ssl.*;
+import jdk.test.lib.Utils;
+
public class SSLSocketExplorerWithSrvSNI {
/*
@@ -251,6 +254,11 @@ public static void main(String[] args) throws Exception {
System.getProperty("test.src", ".") + "/" + pathToStores +
"/" + trustStoreFile;
+ if (Utils.isFIPS()) {
+ keyFilename = Utils.revertJKSToPKCS12(keyFilename, passwd);
+ trustFilename = Utils.revertJKSToPKCS12(trustFilename, passwd);
+ }
+
System.setProperty("javax.net.ssl.keyStore", keyFilename);
System.setProperty("javax.net.ssl.keyStorePassword", passwd);
System.setProperty("javax.net.ssl.trustStore", trustFilename);
diff --git a/test/jdk/javax/net/ssl/ServerName/SSLSocketSNISensitive.java b/test/jdk/javax/net/ssl/ServerName/SSLSocketSNISensitive.java
index da2f422149d..d1a3a218686 100644
--- a/test/jdk/javax/net/ssl/ServerName/SSLSocketSNISensitive.java
+++ b/test/jdk/javax/net/ssl/ServerName/SSLSocketSNISensitive.java
@@ -31,6 +31,7 @@
/*
* @test
* @bug 7068321
+ * @library /test/lib
* @summary Support TLS Server Name Indication (SNI) Extension in JSSE Server
* @run main/othervm SSLSocketSNISensitive PKIX www.example.com
* @run main/othervm SSLSocketSNISensitive SunX509 www.example.com
@@ -54,6 +55,10 @@
import java.security.interfaces.*;
import java.util.Base64;
+import java.io.ByteArrayInputStream;
+
+import jdk.test.lib.Utils;
+
// Note: this test case works only on TLS 1.2 and prior versions because of
// the use of MD5withRSA signed certificate.
public class SSLSocketSNISensitive {
@@ -249,6 +254,8 @@ public class SSLSocketSNISensitive {
*/
static boolean debug = false;
+ static String[] signatureAlgos = new String[5];
+
/*
* Define the server side of the test.
*
@@ -434,10 +441,12 @@ private static SSLContext generateSSLContext(boolean isClient)
public static void main(String[] args) throws Exception {
// MD5 is used in this test case, don't disable MD5 algorithm.
- Security.setProperty("jdk.certpath.disabledAlgorithms",
- "MD2, RSA keySize < 1024");
- Security.setProperty("jdk.tls.disabledAlgorithms",
- "SSLv3, RC4, DH keySize < 768");
+ if (!(Utils.isFIPS())) {
+ Security.setProperty("jdk.certpath.disabledAlgorithms",
+ "MD2, RSA keySize < 1024");
+ Security.setProperty("jdk.tls.disabledAlgorithms",
+ "SSLv3, RC4, DH keySize < 768");
+ }
if (debug)
System.setProperty("javax.net.debug", "all");
@@ -450,7 +459,36 @@ public static void main(String[] args) throws Exception {
/*
* Start the tests.
*/
- new SSLSocketSNISensitive();
+ try {
+ new SSLSocketSNISensitive();
+ } catch (Exception e) {
+ if (Utils.isFIPS()) {
+ // for (int i=0; i is caught.");
+ // return;
+ // }
+ // }
+ if (e instanceof javax.net.ssl.SSLHandshakeException) {
+ if ("no cipher suites in common".equals(e.getMessage())) {
+ System.out.println("Expected exception msg: is caught.");
+ return;
+ } else {
+ System.out.println("Unexpected exception msg: <" + e.getMessage() + "> is caught.");
+ return;
+ }
+ } else {
+ System.out.println("Unexpected exception msg is caught.");
+ return;
+ }
+ } else {
+ System.out.println("failure is not in FIPS mode.");
+ e.printStackTrace();
+ return;
+ }
+ }
}
Thread clientThread = null;
diff --git a/test/jdk/javax/net/ssl/TLS/CipherTestUtils.java b/test/jdk/javax/net/ssl/TLS/CipherTestUtils.java
index 38b0d871c1c..139a8d66f52 100644
--- a/test/jdk/javax/net/ssl/TLS/CipherTestUtils.java
+++ b/test/jdk/javax/net/ssl/TLS/CipherTestUtils.java
@@ -72,7 +72,7 @@ public class CipherTestUtils {
public static final SecureRandom secureRandom = new SecureRandom();
public static char[] PASSWORD = "passphrase".toCharArray();
private static final List TESTS = new ArrayList<>(3);
- private static final List EXCEPTIONS
+ public static final List EXCEPTIONS
= Collections.synchronizedList(new ArrayList<>(1));
private static final String CLIENT_PUBLIC_KEY
diff --git a/test/jdk/javax/net/ssl/TLS/TestJSSE.java b/test/jdk/javax/net/ssl/TLS/TestJSSE.java
index 29631064011..69e487d14c4 100644
--- a/test/jdk/javax/net/ssl/TLS/TestJSSE.java
+++ b/test/jdk/javax/net/ssl/TLS/TestJSSE.java
@@ -21,6 +21,14 @@
* questions.
*/
+import java.lang.reflect.Field;
+
+import java.util.List;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.Map;
+import java.util.HashMap;
+
import java.net.InetAddress;
import java.security.Provider;
import java.security.Security;
@@ -28,14 +36,38 @@
public class TestJSSE {
private static final String LOCAL_IP = InetAddress.getLoopbackAddress().getHostAddress();
+ private static boolean isFIPS = Boolean.parseBoolean(System.getProperty("semeru.fips"));
+ private static final Map TLS_CIPHERSUITES = new HashMap<>();
+
+ private static String checkIfProtocolIsUsedInCommonFIPS(String srvProtocol, String clnProtocol) {
+ String protocolUsedInHandShake;
+ List srvProtocols = Arrays.asList(srvProtocol.split(","));
+ List clnProtocols;
+ if (clnProtocol.equals("DEFAULT")) {
+ if (srvProtocols.contains("TLSv1.3")) {
+ protocolUsedInHandShake = "TLSv1.3";
+ } else if (srvProtocols.contains("TLSv1.2")) {
+ protocolUsedInHandShake = "TLSv1.2";
+ } else {
+ protocolUsedInHandShake = null;
+ }
+ } else {
+ clnProtocols = Arrays.asList(clnProtocol.split(","));
+ if (srvProtocols.contains("TLSv1.3") && clnProtocols.contains("TLSv1.3")) {
+ protocolUsedInHandShake = "TLSv1.3";
+ } else if (srvProtocols.contains("TLSv1.2") && clnProtocols.contains("TLSv1.2")) {
+ protocolUsedInHandShake = "TLSv1.2";
+ } else {
+ protocolUsedInHandShake = null;
+ }
+ }
+ return protocolUsedInHandShake;
+ }
public static void main(String... args) throws Exception {
- // reset the security property to make sure that the algorithms
- // and keys used in this test are not disabled.
- Security.setProperty("jdk.tls.disabledAlgorithms", "");
// enable debug output
- System.setProperty("javax.net.debug", "ssl,record");
+ // System.setProperty("javax.net.debug", "ssl,record");
String srvProtocol = System.getProperty("SERVER_PROTOCOL");
String clnProtocol = System.getProperty("CLIENT_PROTOCOL");
@@ -43,13 +75,50 @@ public static void main(String... args) throws Exception {
if (srvProtocol == null || clnProtocol == null || cipher == null) {
throw new IllegalArgumentException("Incorrect parameters");
}
+ if (System.getProperty("jdk.tls.client.protocols") != null) {
+ clnProtocol = System.getProperty("jdk.tls.client.protocols");
+ }
System.out.println("ServerProtocol = " + srvProtocol);
System.out.println("ClientProtocol = " + clnProtocol);
System.out.println("Cipher = " + cipher);
+ // reset the security property to make sure that the algorithms
+ // and keys used in this test are not disabled.
+ String protocolUsedInHandShake = null;
+ if (!(isFIPS)) {
+ Security.setProperty("jdk.tls.disabledAlgorithms", "");
+ } else {
+ TLS_CIPHERSUITES.put("TLS_AES_128_GCM_SHA256", "TLSv1.3");
+ TLS_CIPHERSUITES.put("TLS_AES_256_GCM_SHA384", "TLSv1.3");
+ TLS_CIPHERSUITES.put("TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", "TLSv1.2");
+ TLS_CIPHERSUITES.put("TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", "TLSv1.2");
+ TLS_CIPHERSUITES.put("TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", "TLSv1.2");
+ TLS_CIPHERSUITES.put("TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", "TLSv1.2");
+ TLS_CIPHERSUITES.put("TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384", "TLSv1.2");
+ TLS_CIPHERSUITES.put("TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384", "TLSv1.2");
+ TLS_CIPHERSUITES.put("TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256", "TLSv1.2");
+ TLS_CIPHERSUITES.put("TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256", "TLSv1.2");
+ protocolUsedInHandShake = checkIfProtocolIsUsedInCommonFIPS(srvProtocol, clnProtocol);
+ }
+
try (CipherTestUtils.Server srv = server(srvProtocol, cipher, args)) {
client(srv.getPort(), clnProtocol, cipher, args);
+ } catch (Exception e) {
+ if (isFIPS) {
+ if (protocolUsedInHandShake == null || !TLS_CIPHERSUITES.containsKey(cipher)
+ || (protocolUsedInHandShake != null && !TLS_CIPHERSUITES.get(cipher).equals(protocolUsedInHandShake))) {
+ if (CipherTestUtils.EXCEPTIONS.get(0) instanceof javax.net.ssl.SSLHandshakeException) {
+ if ("No appropriate protocol (protocol is disabled or cipher suites are inappropriate)".equals(CipherTestUtils.EXCEPTIONS.get(0).getMessage())) {
+ if (args.length >= 1 && args[0].equals("javax.net.ssl.SSLHandshakeException")) {
+ System.out.println("Expected exception msg from client: is caught");
+ } else {
+ System.out.println("Expected exception msg from client: is caught");
+ }
+ }
+ }
+ }
+ }
}
}
diff --git a/test/jdk/javax/net/ssl/TLSCommon/ConcurrentClientAccessTest.java b/test/jdk/javax/net/ssl/TLSCommon/ConcurrentClientAccessTest.java
index b26c82c8cfb..34c0c5b5c9a 100644
--- a/test/jdk/javax/net/ssl/TLSCommon/ConcurrentClientAccessTest.java
+++ b/test/jdk/javax/net/ssl/TLSCommon/ConcurrentClientAccessTest.java
@@ -47,9 +47,13 @@
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManagerFactory;
+import jdk.test.lib.Utils;
+import jdk.test.lib.security.SecurityUtils;
+
/*
* @test
* @bug 8208496
+ * @library /test/lib
* @summary Test to verify concurrent behavior of TLS.
* @run main/othervm ConcurrentClientAccessTest
*/
@@ -58,46 +62,92 @@ public class ConcurrentClientAccessTest {
private static final int THREADS = 50;
public static void main(String[] args) throws Exception {
-
- Security.setProperty("jdk.tls.disabledAlgorithms", "");
- for (String tlsProtocol : new String[]{"TLSv1.3", "TLSv1.2",
- "TLSv1.1", "TLSv1"}) {
- System.out.printf("Protocol: %s%n", tlsProtocol);
- CountDownLatch tillServerReady = new CountDownLatch(1);
- Server server = new Server(tlsProtocol, tillServerReady);
- server.start();
-
- // Wait till server is ready to accept connection.
- tillServerReady.await();
- CountDownLatch tillClientComplete = new CountDownLatch(THREADS);
- ExecutorService executor = null;
- try {
- executor = newExecutorService();
- // Run 50 TLS clients for concurrent access to TLS Port.
- for (int count = 1; count <= THREADS; count++) {
- Client client = new Client(tlsProtocol, server.port,
- tillClientComplete);
- executor.execute(client);
- // If Client has any Exception indicates problem
- if (client.exception != null) {
- throw new RuntimeException(client.exception);
+ String[] protocols = new String[]{"TLSv1.3", "TLSv1.2", "TLSv1.1", "TLSv1"};
+ if (!(Utils.isFIPS())) {
+ Security.setProperty("jdk.tls.disabledAlgorithms", "");
+ }
+ // else {
+ // protocols = new String[]{"TLSv1.3", "TLSv1.2"};
+ // }
+ for (String tlsProtocol : protocols) {
+ Server server = null;
+ try{
+ System.out.printf("Protocol: %s%n", tlsProtocol);
+ CountDownLatch tillServerReady = new CountDownLatch(1);
+ server = new Server(tlsProtocol, tillServerReady);
+ server.start();
+
+ // Wait till server is ready to accept connection.
+ tillServerReady.await();
+ CountDownLatch tillClientComplete = new CountDownLatch(THREADS);
+ ExecutorService executor = null;
+ try {
+ executor = newExecutorService();
+ // Run 50 TLS clients for concurrent access to TLS Port.
+ for (int count = 1; count <= THREADS; count++) {
+ Client client = null;
+ try {
+ client = new Client(tlsProtocol, server.port,
+ tillClientComplete);
+ executor.execute(client);
+ // If Client has any Exception indicates problem
+ if (client.exception != null) {
+ throw new RuntimeException(client.exception);
+ }
+ } catch (java.lang.RuntimeException re) {
+ if (client.exception != null) {
+ if (client.exception instanceof javax.net.ssl.SSLHandshakeException) {
+ if ("No appropriate protocol (protocol is disabled or cipher suites are inappropriate)".equals(client.exception.getMessage())) {
+ System.out.println("Expected exception msg: is caught");
+ return;
+ } else {
+ System.out.println("Unexpected exception msg: <" + client.exception.getMessage() + "> is caught");
+ return;
+ }
+ } else {
+ System.out.println("Unexpected exception is caught");
+ client.exception.printStackTrace();
+ return;
+ }
+ }
+ }
+ }
+ // Wait till all client thread complete execution
+ tillClientComplete.await();
+ System.out.println("All client processed successfully.");
+ } finally {
+ if (executor != null) {
+ executor.shutdown();
}
+ // Fail Safe: Shutdown the server
+ server.stopServer();
}
- // Wait till all client thread complete execution
- tillClientComplete.await();
- System.out.println("All client processed successfully.");
- } finally {
- if (executor != null) {
- executor.shutdown();
+ // If Sever has any Exception indicates problem
+ if (server.exception != null) {
+ throw new RuntimeException(server.exception);
+ }
+ System.out.println();
+ } catch (java.lang.RuntimeException re) {
+ if (Utils.isFIPS()) {
+ if (!SecurityUtils.TLS_PROTOCOLS.contains(tlsProtocol)) {
+ if (server.exception != null) {
+ if (server.exception instanceof javax.net.ssl.SSLHandshakeException) {
+ if ("No appropriate protocol (protocol is disabled or cipher suites are inappropriate)".equals(server.exception.getMessage())) {
+ System.out.println("Expected exception msg: is caught");
+ return;
+ } else {
+ System.out.println("Unexpected exception msg: <" + server.exception.getMessage() + "> is caught");
+ return;
+ }
+ } else {
+ System.out.println("Unexpected exception is caught");
+ server.exception.printStackTrace();
+ return;
+ }
+ }
+ }
}
- // Fail Safe: Shutdown the server
- server.stopServer();
- }
- // If Sever has any Exception indicates problem
- if (server.exception != null) {
- throw new RuntimeException(server.exception);
}
- System.out.println();
}
}
diff --git a/test/jdk/javax/net/ssl/TLSCommon/SSLEngineTestCase.java b/test/jdk/javax/net/ssl/TLSCommon/SSLEngineTestCase.java
index dce28edadf2..51eb6b729d3 100644
--- a/test/jdk/javax/net/ssl/TLSCommon/SSLEngineTestCase.java
+++ b/test/jdk/javax/net/ssl/TLSCommon/SSLEngineTestCase.java
@@ -180,7 +180,7 @@ public enum HandshakeMode {
private static final String SERVER_NAME = "service.localhost";
private static final String SNI_PATTERN = ".*";
- private static final String[] TLS13_CIPHERS = {
+ private static String[] TLS13_CIPHERS = {
"TLS_AES_256_GCM_SHA384",
"TLS_AES_128_GCM_SHA256",
"TLS_CHACHA20_POLY1305_SHA256"
@@ -188,7 +188,15 @@ public enum HandshakeMode {
private static final String[] SUPPORTED_NON_KRB_CIPHERS;
+ private static final boolean ISFIPS = Boolean.parseBoolean(System.getProperty("semeru.fips"));
+
static {
+ if (ISFIPS) {
+ TLS13_CIPHERS = new String[] {
+ "TLS_AES_256_GCM_SHA384",
+ "TLS_AES_128_GCM_SHA256"
+ };
+ }
try {
String[] allSupportedCiphers = getContext()
.createSSLEngine().getSupportedCipherSuites();
@@ -796,10 +804,12 @@ public static void checkResult(SSLEngineResult r,
*/
public static SSLContext getContext() {
try {
- java.security.Security.setProperty(
- "jdk.tls.disabledAlgorithms", "");
- java.security.Security.setProperty(
- "jdk.certpath.disabledAlgorithms", "");
+ if (!(ISFIPS)) {
+ java.security.Security.setProperty(
+ "jdk.tls.disabledAlgorithms", "");
+ java.security.Security.setProperty(
+ "jdk.certpath.disabledAlgorithms", "");
+ }
KeyStore ks = KeyStore.getInstance("JKS");
KeyStore ts = KeyStore.getInstance("JKS");
char[] passphrase = PASSWD.toCharArray();
@@ -848,7 +858,7 @@ public static void setUpAndStartKDC() {
* SSLEngineTestCase.TEST_MODE is "krb".
*/
public static void setUpAndStartKDCIfNeeded() {
- if (TEST_MODE.equals("krb")) {
+ if (TEST_MODE.equals("krb") && !ISFIPS) {
setUpAndStartKDC();
}
}
diff --git a/test/jdk/javax/net/ssl/TLSCommon/TLSTest.java b/test/jdk/javax/net/ssl/TLSCommon/TLSTest.java
index 74b5c828f48..2a614683e57 100644
--- a/test/jdk/javax/net/ssl/TLSCommon/TLSTest.java
+++ b/test/jdk/javax/net/ssl/TLSCommon/TLSTest.java
@@ -54,9 +54,13 @@
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManagerFactory;
+import jdk.test.lib.Utils;
+import jdk.test.lib.security.SecurityUtils;
+
/*
* @test
* @bug 8205111
+ * @library /test/lib
* @summary Test TLS with different types of supported keys.
* @run main/othervm TLSTest TLSv1.3 rsa_pkcs1_sha1 TLS_AES_128_GCM_SHA256
* @run main/othervm
@@ -159,16 +163,81 @@ public static void main(String[] args) throws Exception {
final String tlsProtocol = args[0];
final KeyType keyType = KeyType.valueOf(args[1]);
final String cipher = args[2];
- Security.setProperty("jdk.tls.disabledAlgorithms", "");
+ if (!(Utils.isFIPS())) {
+ Security.setProperty("jdk.tls.disabledAlgorithms", "");
+ }
+
CountDownLatch serverReady = new CountDownLatch(1);
Server server = new Server(tlsProtocol, keyType, cipher, serverReady);
server.start();
// Wait till server is ready to accept connection.
serverReady.await();
- new Client(tlsProtocol, keyType, cipher, server.port).doClientSide();
+ try {
+ new Client(tlsProtocol, keyType, cipher, server.port).doClientSide();
+ } catch (javax.net.ssl.SSLHandshakeException sslhe) {
+ if (Utils.isFIPS()) {
+ if (!SecurityUtils.TLS_PROTOCOLS.contains(tlsProtocol)) {
+ System.out.println(tlsProtocol + " is not available from Client side.");
+ }
+ if (!SecurityUtils.TLS_CIPHERSUITES.containsKey(cipher)) {
+ System.out.println(cipher + " is not available from Client side.");
+ } else if (!SecurityUtils.TLS_CIPHERSUITES.get(cipher).equals(tlsProtocol)) {
+ System.out.println(cipher + " does not match " + tlsProtocol + " from Client side.");
+ }
+ if (args[1].contains("sha1")) {
+ System.out.println("FIPS140-3 does not support SHA1 from Client side.");
+ }
+ if ("No available authentication scheme".equals(sslhe.getMessage())) {
+ System.out.println("Expected exception msg: is caught from Client side");
+ return;
+ } else {
+ System.out.println("Unexpected exception msg: <" + sslhe.getMessage() + "> is caught from Client side");
+ return;
+ }
+ } else {
+ sslhe.printStackTrace();
+ return;
+ }
+ } catch (java.lang.ExceptionInInitializerError eiie) {
+ Throwable cause = eiie.getCause();
+ if (cause instanceof java.lang.IllegalArgumentException) {
+ if (Utils.isFIPS()
+ && ("System property jdk.tls.namedGroups(" + System.getProperty("jdk.tls.namedGroups") + ") contains no supported named groups").equals(cause.getMessage())) {
+ System.out.println("Expected msg is caught from Client side.");
+ return;
+ }
+ }
+ }
if (server.serverExc != null) {
- throw new RuntimeException(server.serverExc);
+ if (Utils.isFIPS()) {
+ if (!SecurityUtils.TLS_PROTOCOLS.contains(tlsProtocol)) {
+ System.out.println(tlsProtocol + " is not available from Server side.");
+ }
+ if (!SecurityUtils.TLS_CIPHERSUITES.containsKey(cipher)) {
+ System.out.println(cipher + " is not available from Server side.");
+ } else if (!SecurityUtils.TLS_CIPHERSUITES.get(cipher).equals(tlsProtocol)) {
+ System.out.println(cipher + " does not match " + tlsProtocol + " from Server side.");
+ }
+ if (args[1].contains("sha1")) {
+ System.out.println("FIPS140-3 does not support SHA1 from Server side.");
+ }
+ if (server.serverExc instanceof javax.net.ssl.SSLHandshakeException) {
+ if ("No available authentication scheme".equals(server.serverExc.getMessage())) {
+ System.out.println("Expected exception msg: is caught from Server side");
+ return;
+ } else {
+ System.out.println("Unexpected exception msg: <" + server.serverExc.getMessage() + "> is caught from Server side");
+ return;
+ }
+ } else {
+ System.out.println("Unexpected exception is caught from Server side");
+ server.serverExc.printStackTrace();
+ return;
+ }
+ } else {
+ throw new RuntimeException(server.serverExc);
+ }
}
}
diff --git a/test/jdk/javax/net/ssl/TLSCommon/TLSWithEdDSA.java b/test/jdk/javax/net/ssl/TLSCommon/TLSWithEdDSA.java
index 3fabc5bd73c..ed6f3ce283a 100644
--- a/test/jdk/javax/net/ssl/TLSCommon/TLSWithEdDSA.java
+++ b/test/jdk/javax/net/ssl/TLSCommon/TLSWithEdDSA.java
@@ -47,6 +47,7 @@
import java.security.KeyFactory;
import java.security.KeyStore;
import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.PublicKey;
@@ -71,6 +72,7 @@
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509ExtendedKeyManager;
import javax.net.ssl.X509KeyManager;
+import jdk.test.lib.Utils;
import jdk.test.lib.security.SecurityUtils;
public class TLSWithEdDSA extends SSLSocketTemplate {
@@ -81,7 +83,7 @@ public class TLSWithEdDSA extends SSLSocketTemplate {
private static final String DEF_ALL_EE = "EE_ECDSA_SECP256R1:" +
"EE_ECDSA_SECP384R1:EE_ECDSA_SECP521R1:EE_RSA_2048:" +
"EE_EC_RSA_SECP256R1:EE_DSA_2048:EE_DSA_1024:EE_ED25519:EE_ED448";
- private static final List TEST_PROTOS = List.of(
+ private static List TEST_PROTOS = List.of(
"TLSv1.3", "TLSv1.2", "TLSv1.1", "TLSv1");
private static CertificateFactory certFac;
@@ -342,7 +344,7 @@ private static KeyStore createTrustStore(String certEnumNames)
* the private key or certificate entries.
*/
private static KeyStore createKeyStore(String certEnumNames, char[] pass)
- throws GeneralSecurityException {
+ throws GeneralSecurityException, NoSuchAlgorithmException {
KeyStore.Builder keyStoreBuilder =
KeyStore.Builder.newInstance("PKCS12", null,
new KeyStore.PasswordProtection(pass));
@@ -393,7 +395,7 @@ private static X509Certificate pem2Cert(String certPem)
* @throws GeneralSecurityException if any decoding errors occur.
*/
private static PrivateKey pem2PrivKey(String keyPem, String keyAlg)
- throws GeneralSecurityException {
+ throws GeneralSecurityException, NoSuchAlgorithmException {
PKCS8EncodedKeySpec p8Spec = new PKCS8EncodedKeySpec(
Base64.getMimeDecoder().decode(keyPem));
KeyFactory keyFac = KeyFactory.getInstance(keyAlg);
@@ -556,13 +558,24 @@ protected void runClientApplication(SSLSocket socket) throws Exception {
}
public static void main(String[] args) throws Exception {
- SecurityUtils.removeFromDisabledTlsAlgs("TLSv1.1", "TLSv1");
+ if (!(Utils.isFIPS())) {
+ SecurityUtils.removeFromDisabledTlsAlgs("TLSv1.1", "TLSv1");
+ }
certFac = CertificateFactory.getInstance("X.509");
String testFormat;
System.out.println("===== Test KeyManager alias retrieval =====");
- testKeyManager(DEF_ALL_EE, "EdDSA",
- new String[] {"ee_ed25519", "ee_ed448"});
+ try {
+ testKeyManager(DEF_ALL_EE, "EdDSA",
+ new String[] {"ee_ed25519", "ee_ed448"});
+ } catch (NoSuchAlgorithmException nsae) {
+ if (Utils.isFIPS()) {
+ if ("EdDSA KeyFactory not available".equals(nsae.getMessage())){
+ System.out.println("Expected exception msg: is caught.");
+ return;
+ }
+ }
+ }
testFormat =
"===== Basic Ed25519 Server-side Authentication: %s =====\n";
@@ -593,7 +606,7 @@ public static void main(String[] args) throws Exception {
private static void testKeyManager(String keyStoreSpec, String keyType,
String[] expAliases)
- throws GeneralSecurityException, IOException {
+ throws GeneralSecurityException, NoSuchAlgorithmException, IOException {
char[] passChar = PASSWD.toCharArray();
// Create the KeyManager factory and resulting KeyManager
@@ -626,6 +639,10 @@ private static void testKeyManager(String keyStoreSpec, String keyType,
private static void runtest(String testNameFmt, SessionChecker cliChk,
Class extends Throwable> cliExpExc, SessionChecker servChk,
Class extends Throwable> servExpExc) {
+ // if (!(Utils.isFIPS())) {
+ // TEST_PROTOS = List.of(
+ // "TLSv1.3", "TLSv1.2");
+ // }
TEST_PROTOS.forEach(protocol -> {
clientParameters.put(ParamType.PROTOS, protocol);
TLSWithEdDSA testObj = new TLSWithEdDSA(cliChk, cliExpExc, servChk,
diff --git a/test/jdk/javax/net/ssl/TLSCommon/TestSessionLocalPrincipal.java b/test/jdk/javax/net/ssl/TLSCommon/TestSessionLocalPrincipal.java
index 092a6e4aee8..8d41182074b 100644
--- a/test/jdk/javax/net/ssl/TLSCommon/TestSessionLocalPrincipal.java
+++ b/test/jdk/javax/net/ssl/TLSCommon/TestSessionLocalPrincipal.java
@@ -46,35 +46,63 @@
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManagerFactory;
+import jdk.test.lib.Utils;
+import jdk.test.lib.security.SecurityUtils;
+
/*
* @test
* @bug 8206355 8225438
+ * @library /test/lib
* @summary Test principal that was sent to the peer during handshake.
* @run main/othervm TestSessionLocalPrincipal
*/
public class TestSessionLocalPrincipal {
public static void main(String[] args) throws Exception {
-
- Security.setProperty("jdk.tls.disabledAlgorithms", "");
- for (String tlsProtocol : new String[]{
- "TLSv1.3", "TLSv1.2", "TLSv1.1", "TLSv1"}) {
+ String[] protocols = new String[]{"TLSv1.3", "TLSv1.2", "TLSv1.1", "TLSv1"};
+ if (!(Utils.isFIPS())) {
+ Security.setProperty("jdk.tls.disabledAlgorithms", "");
+ }
+ for (String tlsProtocol : protocols) {
for (boolean clientAuth : new boolean[]{true, false}) {
- System.out.printf("Protocol %s: Client side auth enabled: %s%n",
- tlsProtocol, clientAuth);
- CountDownLatch serverReady = new CountDownLatch(1);
- Server server = new Server(tlsProtocol, clientAuth,
- serverReady);
- server.start();
-
- // Wait till server is ready to accept connection.
- serverReady.await();
- new Client(tlsProtocol, clientAuth, server.port).doClientSide();
- if (server.serverExc != null) {
- throw new RuntimeException(server.serverExc);
+ Server server = null;
+ try {
+ System.out.printf("Protocol %s: Client side auth enabled: %s%n",
+ tlsProtocol, clientAuth);
+ CountDownLatch serverReady = new CountDownLatch(1);
+ server = new Server(tlsProtocol, clientAuth,
+ serverReady);
+ server.start();
+
+ // Wait till server is ready to accept connection.
+ serverReady.await();
+ new Client(tlsProtocol, clientAuth, server.port).doClientSide();
+ if (server.serverExc != null) {
+ throw new RuntimeException(server.serverExc);
+ }
+ } catch (java.lang.RuntimeException re) {
+ if (Utils.isFIPS()) {
+ if (!SecurityUtils.TLS_PROTOCOLS.contains(tlsProtocol)) {
+ if (server.serverExc != null) {
+ if (server.serverExc instanceof javax.net.ssl.SSLHandshakeException) {
+ if ("No appropriate protocol (protocol is disabled or cipher suites are inappropriate)".equals(server.serverExc.getMessage())) {
+ System.out.println("Expected exception msg: is caught");
+ return;
+ } else {
+ System.out.println("Unexpected exception msg: <" + server.serverExc.getMessage() + "> is caught");
+ return;
+ }
+ } else {
+ System.out.println("Unexpected exception is caught");
+ server.serverExc.printStackTrace();
+ return;
+ }
+ }
+ }
+ }
}
}
- }
+ }
}
public static class Server implements Runnable {
diff --git a/test/jdk/javax/net/ssl/TLSTest_java.security b/test/jdk/javax/net/ssl/TLSTest_java.security
new file mode 100644
index 00000000000..3b7b200d5fe
--- /dev/null
+++ b/test/jdk/javax/net/ssl/TLSTest_java.security
@@ -0,0 +1,20 @@
+# Test-TLS Restricted Security mode profile for FIPS 140-3. This profile is a test profile that extends
+# OpenJCEPlusFIPS.FIPS140-3. This profile also includes non-cryptographic algorithms and common configuration
+# options such as, PKCS12, JKS from SUN and PBE related services from SunJCE.
+#
+RestrictedSecurity.OpenJCEPlusFIPS.FIPS140-3-Test-TLS.desc.name = Test-TLS OpenJCEPlusFIPS Cryptographic Module FIPS 140-3
+RestrictedSecurity.OpenJCEPlusFIPS.FIPS140-3-Test-TLS.desc.default = false
+RestrictedSecurity.OpenJCEPlusFIPS.FIPS140-3-Test-TLS.extends = RestrictedSecurity.OpenJCEPlusFIPS.FIPS140-3
+
+RestrictedSecurity.OpenJCEPlusFIPS.FIPS140-3-Test-TLS.jce.provider.2 = sun.security.provider.Sun [+ \
+ {KeyStore, JKS, *}, \
+ {KeyStore, PKCS12, *}, \
+ {MessageDigest, SHA-1, *}]
+
+RestrictedSecurity.OpenJCEPlusFIPS.FIPS140-3-Test-TLS.jce.provider.4 = com.sun.crypto.provider.SunJCE [{AlgorithmParameters, PBES2, *}, \
+ {AlgorithmParameters, PBEWithHmacSHA256AndAES_256, *}, \
+ {AlgorithmParameters, PBEWithMD5AndDES, *}, \
+ {SecretKeyFactory, PBEWithMD5AndDES, *}, \
+ {Cipher, PBEWithHmacSHA256AndAES_256, *}, \
+ {Mac, HmacSHA1, *},\
+ {Mac, HmacPBESHA256, *}]
diff --git a/test/jdk/javax/net/ssl/TLSv11/EmptyCertificateAuthorities.java b/test/jdk/javax/net/ssl/TLSv11/EmptyCertificateAuthorities.java
index 7469333e2e0..7741cde0efc 100644
--- a/test/jdk/javax/net/ssl/TLSv11/EmptyCertificateAuthorities.java
+++ b/test/jdk/javax/net/ssl/TLSv11/EmptyCertificateAuthorities.java
@@ -32,6 +32,7 @@
* @test
* @bug 4873188
* @summary Support TLS 1.1
+ * @library /test/lib
* @run main/othervm EmptyCertificateAuthorities
* @modules java.security.jgss
* java.security.jgss/sun.security.jgss.krb5
@@ -62,6 +63,9 @@
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
+import jdk.test.lib.Utils;
+import jdk.test.lib.security.SecurityUtils;
+
public class EmptyCertificateAuthorities {
/*
@@ -250,10 +254,12 @@ private void initialize() throws CertificateException {
public static void main(String[] args) throws Exception {
// MD5 is used in this test case, don't disable MD5 algorithm.
- Security.setProperty("jdk.certpath.disabledAlgorithms",
- "MD2, RSA keySize < 1024");
- Security.setProperty("jdk.tls.disabledAlgorithms",
- "SSLv3, RC4, DH keySize < 768");
+ if (!(Utils.isFIPS())) {
+ Security.setProperty("jdk.certpath.disabledAlgorithms",
+ "MD2, RSA keySize < 1024");
+ Security.setProperty("jdk.tls.disabledAlgorithms",
+ "SSLv3, RC4, DH keySize < 768");
+ }
String keyFilename =
System.getProperty("test.src", ".") + "/" + pathToStores +
@@ -273,7 +279,19 @@ public static void main(String[] args) throws Exception {
/*
* Start the tests.
*/
- new EmptyCertificateAuthorities();
+ try {
+ new EmptyCertificateAuthorities();
+ } catch (javax.net.ssl.SSLHandshakeException sslhe) {
+ if (Utils.isFIPS()) {
+ if ("No appropriate protocol (protocol is disabled or cipher suites are inappropriate)".equals(sslhe.getMessage())) {
+ System.out.println("Expected exception msg: is caught");
+ return;
+ }
+ }
+ } catch (Exception e) {
+ e.printStackTrace();
+ return;
+ }
}
Thread clientThread = null;
diff --git a/test/jdk/javax/net/ssl/TLSv11/GenericBlockCipher.java b/test/jdk/javax/net/ssl/TLSv11/GenericBlockCipher.java
index 24933838e05..91a81be9765 100644
--- a/test/jdk/javax/net/ssl/TLSv11/GenericBlockCipher.java
+++ b/test/jdk/javax/net/ssl/TLSv11/GenericBlockCipher.java
@@ -51,6 +51,7 @@
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
+import jdk.test.lib.Utils;
import jdk.test.lib.security.SecurityUtils;
public class GenericBlockCipher {
@@ -150,7 +151,7 @@ void doClientSide() throws Exception {
// enable a block cipher
sslSocket.setEnabledCipherSuites(
- new String[] {"TLS_RSA_WITH_AES_128_CBC_SHA"});
+ new String[] {"TLS_RSA_WITH_AES_128_CBC_SHA"});
InputStream sslIS = sslSocket.getInputStream();
OutputStream sslOS = sslSocket.getOutputStream();
@@ -175,7 +176,9 @@ void doClientSide() throws Exception {
public static void main(String[] args) throws Exception {
// Re-enable TLSv1.1 since test depends on it.
- SecurityUtils.removeFromDisabledTlsAlgs("TLSv1.1");
+ if (!(Utils.isFIPS())) {
+ SecurityUtils.removeFromDisabledTlsAlgs("TLSv1.1");
+ }
String keyFilename =
System.getProperty("test.src", ".") + "/" + pathToStores +
@@ -195,7 +198,19 @@ public static void main(String[] args) throws Exception {
/*
* Start the tests.
*/
- new GenericBlockCipher();
+ try {
+ new GenericBlockCipher();
+ } catch (javax.net.ssl.SSLHandshakeException sslhe) {
+ if (Utils.isFIPS()) {
+ if ("No appropriate protocol (protocol is disabled or cipher suites are inappropriate)".equals(sslhe.getMessage())) {
+ System.out.println("Expected exception msg: is caught");
+ return;
+ }
+ }
+ } catch (Exception e) {
+ e.printStackTrace();
+ return;
+ }
}
Thread clientThread = null;
diff --git a/test/jdk/javax/net/ssl/TLSv11/GenericStreamCipher.java b/test/jdk/javax/net/ssl/TLSv11/GenericStreamCipher.java
index 99a6599c129..6394e80c6fc 100644
--- a/test/jdk/javax/net/ssl/TLSv11/GenericStreamCipher.java
+++ b/test/jdk/javax/net/ssl/TLSv11/GenericStreamCipher.java
@@ -27,6 +27,7 @@
* @test
* @bug 4873188
* @summary Support TLS 1.1
+ * @library /test/lib
* @modules java.security.jgss
* java.security.jgss/sun.security.jgss.krb5
* java.security.jgss/sun.security.krb5:+open
@@ -51,6 +52,9 @@
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
+import jdk.test.lib.Utils;
+import jdk.test.lib.security.SecurityUtils;
+
public class GenericStreamCipher {
/*
@@ -107,7 +111,7 @@ void doServerSide() throws Exception {
// enable a stream cipher
sslServerSocket.setEnabledCipherSuites(
- new String[] {"SSL_RSA_WITH_RC4_128_MD5"});
+ new String[] {"SSL_RSA_WITH_RC4_128_MD5"});
serverPort = sslServerSocket.getLocalPort();
@@ -152,7 +156,7 @@ void doClientSide() throws Exception {
// enable a stream cipher
sslSocket.setEnabledCipherSuites(
- new String[] {"SSL_RSA_WITH_RC4_128_MD5"});
+ new String[] {"SSL_RSA_WITH_RC4_128_MD5"});
InputStream sslIS = sslSocket.getInputStream();
OutputStream sslOS = sslSocket.getOutputStream();
@@ -178,7 +182,9 @@ void doClientSide() throws Exception {
public static void main(String[] args) throws Exception {
// reset the security property to make sure that the algorithms
// and keys used in this test are not disabled.
- Security.setProperty("jdk.tls.disabledAlgorithms", "");
+ if (!(Utils.isFIPS())) {
+ Security.setProperty("jdk.tls.disabledAlgorithms", "");
+ }
String keyFilename =
System.getProperty("test.src", ".") + "/" + pathToStores +
@@ -198,7 +204,19 @@ public static void main(String[] args) throws Exception {
/*
* Start the tests.
*/
- new GenericStreamCipher();
+ try {
+ new GenericStreamCipher();
+ } catch (javax.net.ssl.SSLHandshakeException sslhe) {
+ if (Utils.isFIPS()) {
+ if ("No appropriate protocol (protocol is disabled or cipher suites are inappropriate)".equals(sslhe.getMessage())) {
+ System.out.println("Expected exception msg: is caught");
+ return;
+ }
+ }
+ } catch (Exception e) {
+ e.printStackTrace();
+ return;
+ }
}
Thread clientThread = null;
diff --git a/test/jdk/javax/net/ssl/TLSv12/DisabledShortDSAKeys.java b/test/jdk/javax/net/ssl/TLSv12/DisabledShortDSAKeys.java
index 39937f8b743..6de3768863b 100644
--- a/test/jdk/javax/net/ssl/TLSv12/DisabledShortDSAKeys.java
+++ b/test/jdk/javax/net/ssl/TLSv12/DisabledShortDSAKeys.java
@@ -31,6 +31,7 @@
* @bug 8139565
* @summary Restrict certificates with DSA keys less than 1024 bits
* @library /javax/net/ssl/templates
+ * @library /test/lib
* @run main/othervm DisabledShortDSAKeys PKIX TLSv1.2
* @run main/othervm DisabledShortDSAKeys SunX509 TLSv1.2
* @run main/othervm DisabledShortDSAKeys PKIX TLSv1.1
@@ -54,6 +55,8 @@
import java.security.interfaces.*;
import java.util.Base64;
+import jdk.test.lib.Utils;
+import jdk.test.lib.security.SecurityUtils;
public class DisabledShortDSAKeys extends SSLContextTemplate {
@@ -175,11 +178,12 @@ protected ContextParameters getClientContextParameters() {
volatile Exception clientException = null;
public static void main(String[] args) throws Exception {
- Security.setProperty("jdk.certpath.disabledAlgorithms",
- "DSA keySize < 1024");
- Security.setProperty("jdk.tls.disabledAlgorithms",
- "DSA keySize < 1024");
-
+ if (!(Utils.isFIPS())) {
+ Security.setProperty("jdk.certpath.disabledAlgorithms",
+ "DSA keySize < 1024");
+ Security.setProperty("jdk.tls.disabledAlgorithms",
+ "DSA keySize < 1024");
+ }
if (debug) {
System.setProperty("javax.net.debug", "all");
}
diff --git a/test/jdk/javax/net/ssl/TLSv12/DisabledShortRSAKeys.java b/test/jdk/javax/net/ssl/TLSv12/DisabledShortRSAKeys.java
index 3f275d8a285..36e4c61aab6 100644
--- a/test/jdk/javax/net/ssl/TLSv12/DisabledShortRSAKeys.java
+++ b/test/jdk/javax/net/ssl/TLSv12/DisabledShortRSAKeys.java
@@ -31,6 +31,7 @@
* @bug 7109274
* @summary Consider disabling support for X.509 certificates with RSA keys
* less than 1024 bits
+ * @library /test/lib
* @library /javax/net/ssl/templates
* @run main/othervm DisabledShortRSAKeys PKIX TLSv1.2
* @run main/othervm DisabledShortRSAKeys SunX509 TLSv1.2
@@ -46,6 +47,9 @@
import javax.net.ssl.*;
import java.security.Security;
+import jdk.test.lib.Utils;
+import jdk.test.lib.security.SecurityUtils;
+
public class DisabledShortRSAKeys extends SSLSocketTemplate {
/*
@@ -63,14 +67,24 @@ public DisabledShortRSAKeys(String tmAlgorithm, String enabledProtocol) {
@Override
public SSLContext createClientSSLContext() throws Exception {
- return createSSLContext(new Cert[]{Cert.CA_RSA_512}, null,
+ if (Utils.isFIPS()) {
+ return createSSLContext(new Cert[]{Cert.CA_RSA_2048}, null,
+ new ContextParameters(enabledProtocol, tmAlgorithm, "NewSunX509"));
+ } else {
+ return createSSLContext(new Cert[]{Cert.CA_RSA_512}, null,
new ContextParameters(enabledProtocol, tmAlgorithm, "NewSunX509"));
+ }
}
@Override
public SSLContext createServerSSLContext() throws Exception {
- return createSSLContext(null, new Cert[]{Cert.EE_RSA_512},
+ if (Utils.isFIPS()) {
+ return createSSLContext(new Cert[]{Cert.EE_RSA_2048}, null,
new ContextParameters(enabledProtocol, tmAlgorithm, "NewSunX509"));
+ } else {
+ return createSSLContext(null, new Cert[]{Cert.EE_RSA_512},
+ new ContextParameters(enabledProtocol, tmAlgorithm, "NewSunX509"));
+ }
}
@Override
@@ -109,10 +123,12 @@ protected void runClientApplication(SSLSocket socket) throws Exception {
}
public static void main(String[] args) throws Exception {
- Security.setProperty("jdk.certpath.disabledAlgorithms",
- "RSA keySize < 1024");
- Security.setProperty("jdk.tls.disabledAlgorithms",
- "RSA keySize < 1024");
+ if (!(Utils.isFIPS())) {
+ Security.setProperty("jdk.certpath.disabledAlgorithms",
+ "RSA keySize < 1024");
+ Security.setProperty("jdk.tls.disabledAlgorithms",
+ "RSA keySize < 1024");
+ }
if (debug) {
System.setProperty("javax.net.debug", "all");
@@ -126,4 +142,4 @@ public static void main(String[] args) throws Exception {
*/
new DisabledShortRSAKeys(tmAlgorithm, enabledProtocol).run();
}
-}
+}
\ No newline at end of file
diff --git a/test/jdk/javax/net/ssl/TLSv12/ProtocolFilter.java b/test/jdk/javax/net/ssl/TLSv12/ProtocolFilter.java
index ec58bc74d0c..152ac7aed87 100644
--- a/test/jdk/javax/net/ssl/TLSv12/ProtocolFilter.java
+++ b/test/jdk/javax/net/ssl/TLSv12/ProtocolFilter.java
@@ -27,6 +27,7 @@
/*
* @test
* @bug 8052406
+ * @library /test/lib
* @summary SSLv2Hello protocol may be filter out unexpectedly
* @run main/othervm ProtocolFilter
*/
@@ -35,6 +36,9 @@
import java.net.*;
import javax.net.ssl.*;
+import jdk.test.lib.Utils;
+import jdk.test.lib.security.SecurityUtils;
+
public class ProtocolFilter {
/*
@@ -90,8 +94,13 @@ void doServerSide() throws Exception {
(SSLServerSocket) sslssf.createServerSocket(serverPort);
// Only enable cipher suites for TLS v1.2.
- sslServerSocket.setEnabledCipherSuites(
- new String[]{"TLS_RSA_WITH_AES_128_CBC_SHA256"});
+ if (Utils.isFIPS()) {
+ sslServerSocket.setEnabledCipherSuites(
+ new String[]{"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256"});
+ } else {
+ sslServerSocket.setEnabledCipherSuites(
+ new String[]{"TLS_RSA_WITH_AES_128_CBC_SHA256"});
+ }
serverPort = sslServerSocket.getLocalPort();
@@ -163,6 +172,11 @@ public static void main(String[] args) throws Exception {
System.getProperty("test.src", ".") + "/" + pathToStores +
"/" + trustStoreFile;
+ if (Utils.isFIPS()) {
+ keyFilename = Utils.revertJKSToPKCS12(keyFilename, passwd);
+ trustFilename = Utils.revertJKSToPKCS12(trustFilename, passwd);
+ }
+
System.setProperty("javax.net.ssl.keyStore", keyFilename);
System.setProperty("javax.net.ssl.keyStorePassword", passwd);
System.setProperty("javax.net.ssl.trustStore", trustFilename);
diff --git a/test/jdk/javax/net/ssl/TLSv12/ShortRSAKey512.java b/test/jdk/javax/net/ssl/TLSv12/ShortRSAKey512.java
index c9ff202bd2c..c53ae0dd9b2 100644
--- a/test/jdk/javax/net/ssl/TLSv12/ShortRSAKey512.java
+++ b/test/jdk/javax/net/ssl/TLSv12/ShortRSAKey512.java
@@ -29,6 +29,7 @@
/*
* @test
* @bug 7106773
+ * @library /test/lib
* @summary 512 bits RSA key cannot work with SHA384 and SHA512
*
* SunJSSE does not support dynamic system properties, no way to re-use
@@ -43,6 +44,8 @@
import javax.net.ssl.*;
import java.security.Security;
+import jdk.test.lib.Utils;
+import jdk.test.lib.security.SecurityUtils;
public class ShortRSAKey512 extends SSLContextTemplate {
@@ -170,9 +173,11 @@ private static void parseArguments(String[] args) {
public static void main(String[] args) throws Exception {
// reset the security property to make sure that the algorithms
// and keys used in this test are not disabled.
- Security.setProperty("jdk.certpath.disabledAlgorithms", "MD2");
- Security.setProperty("jdk.tls.disabledAlgorithms",
- "SSLv3, RC4, DH keySize < 768");
+ if (!(Utils.isFIPS())) {
+ Security.setProperty("jdk.certpath.disabledAlgorithms", "MD2");
+ Security.setProperty("jdk.tls.disabledAlgorithms",
+ "SSLv3, RC4, DH keySize < 768");
+ }
if (debug)
System.setProperty("javax.net.debug", "all");
@@ -185,7 +190,14 @@ public static void main(String[] args) throws Exception {
/*
* Start the tests.
*/
- new ShortRSAKey512();
+ try {
+ new ShortRSAKey512();
+ } catch (java.security.spec.InvalidKeySpecException ikse) {
+ if (Utils.isFIPS()) {
+ System.out.println("Inappropriate key specification: RSA keys must be at least 1024 bits long");
+ return;
+ }
+ }
}
Thread clientThread = null;
@@ -304,4 +316,4 @@ public void run() {
}
}
}
-}
+}
\ No newline at end of file
diff --git a/test/jdk/javax/net/ssl/TLSv12/ShortRSAKeyGCM.java b/test/jdk/javax/net/ssl/TLSv12/ShortRSAKeyGCM.java
index df6767eadfb..d5b38ad67f1 100644
--- a/test/jdk/javax/net/ssl/TLSv12/ShortRSAKeyGCM.java
+++ b/test/jdk/javax/net/ssl/TLSv12/ShortRSAKeyGCM.java
@@ -33,6 +33,7 @@
* @bug 7030966
* @summary Support AEAD CipherSuites
* @library /javax/net/ssl/templates
+ * @library /test/lib
* @run main/othervm ShortRSAKeyGCM PKIX TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
* @run main/othervm ShortRSAKeyGCM PKIX TLS_RSA_WITH_AES_128_GCM_SHA256
* @run main/othervm ShortRSAKeyGCM PKIX TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
@@ -70,6 +71,8 @@
import java.security.spec.*;
import java.security.interfaces.*;
+import jdk.test.lib.Utils;
+import jdk.test.lib.security.SecurityUtils;
public class ShortRSAKeyGCM extends SSLContextTemplate {
@@ -196,9 +199,11 @@ protected ContextParameters getClientContextParameters() {
public static void main(String[] args) throws Exception {
// reset the security property to make sure that the algorithms
// and keys used in this test are not disabled.
- Security.setProperty("jdk.certpath.disabledAlgorithms", "MD2");
- Security.setProperty("jdk.tls.disabledAlgorithms",
- "SSLv3, RC4, DH keySize < 768");
+ if (!(Utils.isFIPS())) {
+ Security.setProperty("jdk.certpath.disabledAlgorithms", "MD2");
+ Security.setProperty("jdk.tls.disabledAlgorithms",
+ "SSLv3, RC4, DH keySize < 768");
+ }
if (debug) {
System.setProperty("javax.net.debug", "all");
@@ -209,10 +214,29 @@ public static void main(String[] args) throws Exception {
*/
parseArguments(args);
+ if (Utils.isFIPS()) {
+ if (!SecurityUtils.TLS_CIPHERSUITES.containsKey(cipherSuite)) {
+ System.out.println(cipherSuite + " is not supported.");
+ return;
+ }
+ }
+
/*
* Start the tests.
*/
- new ShortRSAKeyGCM();
+ try {
+ new ShortRSAKeyGCM();
+ } catch (java.security.spec.InvalidKeySpecException ikse) {
+ if (Utils.isFIPS()) {
+ if ("Inappropriate key specification: RSA keys must be at least 1024 bits long".equals(ikse.getMessage())) {
+ System.out.println("Expected exception msg: is caught");
+ return;
+ }
+ }
+ } catch (Exception e) {
+ e.printStackTrace();
+ return;
+ }
}
Thread clientThread = null;
@@ -337,4 +361,4 @@ public void run() {
}
}
}
-}
+}
\ No newline at end of file
diff --git a/test/jdk/javax/net/ssl/TLSv12/SignatureAlgorithms.java b/test/jdk/javax/net/ssl/TLSv12/SignatureAlgorithms.java
index 52191ec0882..ac8c5d986ca 100644
--- a/test/jdk/javax/net/ssl/TLSv12/SignatureAlgorithms.java
+++ b/test/jdk/javax/net/ssl/TLSv12/SignatureAlgorithms.java
@@ -33,6 +33,7 @@
* @bug 8049321
* @summary Support SHA256WithDSA in JSSE
* @library /javax/net/ssl/templates
+ * @library /test/lib
* @run main/othervm SignatureAlgorithms PKIX "SHA-224,SHA-256"
* TLS_DHE_DSS_WITH_AES_128_CBC_SHA
* @run main/othervm SignatureAlgorithms PKIX "SHA-1,SHA-224"
@@ -54,6 +55,9 @@
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
+import jdk.test.lib.Utils;
+import jdk.test.lib.security.SecurityUtils;
+
public class SignatureAlgorithms extends SSLContextTemplate {
/*
@@ -79,11 +83,11 @@ public class SignatureAlgorithms extends SSLContextTemplate {
*/
volatile boolean serverReady = false;
- private final Cert[] SERVER_CERTS = {
- SSLContextTemplate.Cert.EE_DSA_SHA1_1024,
- SSLContextTemplate.Cert.EE_DSA_SHA224_1024,
- SSLContextTemplate.Cert.EE_DSA_SHA256_1024,
- };
+ private static Cert[] SERVER_CERTS = {
+ SSLContextTemplate.Cert.EE_DSA_SHA1_1024,
+ SSLContextTemplate.Cert.EE_DSA_SHA224_1024,
+ SSLContextTemplate.Cert.EE_DSA_SHA256_1024,
+};
/*
* Define the server side of the test.
@@ -133,8 +137,14 @@ void doClientSide() throws Exception {
while (!serverReady) {
Thread.sleep(50);
}
+ Cert[] trustedCerts;
- SSLContext context = createSSLContext(new Cert[]{Cert.CA_DSA_SHA1_1024}, null, getClientContextParameters());
+ if (Utils.isFIPS()) {
+ trustedCerts = new Cert[]{Cert.CA_RSA_2048};
+ } else {
+ trustedCerts = new Cert[]{Cert.CA_DSA_SHA1_1024};
+ }
+ SSLContext context = createSSLContext(trustedCerts, null, getClientContextParameters());
SSLSocketFactory sslsf = context.getSocketFactory();
try (SSLSocket sslSocket =
@@ -143,6 +153,7 @@ void doClientSide() throws Exception {
// enable TLSv1.2 only
sslSocket.setEnabledProtocols(new String[] {"TLSv1.2"});
+ System.out.println("In client side, the cipherSuite is: " + cipherSuite);
// enable a block cipher
sslSocket.setEnabledCipherSuites(new String[] {cipherSuite});
@@ -262,17 +273,31 @@ public static void main(String[] args) throws Exception {
return;
}
- /*
- * Expose the target algorithms by diabling unexpected algorithms.
- */
- Security.setProperty(
- "jdk.certpath.disabledAlgorithms", disabledAlgorithms);
+ if (!(Utils.isFIPS())) {
+ /*
+ * Expose the target algorithms by diabling unexpected algorithms.
+ */
+ Security.setProperty(
+ "jdk.certpath.disabledAlgorithms", disabledAlgorithms);
- /*
- * Reset the security property to make sure that the algorithms
- * and keys used in this test are not disabled by default.
- */
- Security.setProperty( "jdk.tls.disabledAlgorithms", "");
+ /*
+ * Reset the security property to make sure that the algorithms
+ * and keys used in this test are not disabled by default.
+ */
+ Security.setProperty( "jdk.tls.disabledAlgorithms", "");
+ } else {
+ if (!SecurityUtils.TLS_CIPHERSUITES.containsKey(cipherSuite)) {
+ System.out.println(cipherSuite + " is not available.");
+ } else if (!SecurityUtils.TLS_CIPHERSUITES.get(cipherSuite).equals("TLSv1.2")) {
+ System.out.println(cipherSuite + " does not match TLSv1.2");
+ }
+ SERVER_CERTS = new Cert[] {
+ SSLContextTemplate.Cert.EE_RSA_2048
+ };
+ disabledAlgorithms = "SHA-1";
+ // cipherSuite = "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256";
+ cipherSuite = "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256";
+ }
/*
* Start the tests.
@@ -402,4 +427,4 @@ public void run() {
}
}
}
-}
+}
\ No newline at end of file
diff --git a/test/jdk/javax/net/ssl/TLSv13/ClientHelloKeyShares.java b/test/jdk/javax/net/ssl/TLSv13/ClientHelloKeyShares.java
index da68b027e2d..f4120a9d6f5 100644
--- a/test/jdk/javax/net/ssl/TLSv13/ClientHelloKeyShares.java
+++ b/test/jdk/javax/net/ssl/TLSv13/ClientHelloKeyShares.java
@@ -35,6 +35,7 @@
* @test
* @bug 8247630
* @summary Use two key share entries
+ * @library /test/lib
* @run main/othervm ClientHelloKeyShares 29 23
* @run main/othervm -Djdk.tls.namedGroups=secp384r1,secp521r1,x448,ffdhe2048 ClientHelloKeyShares 24 30
* @run main/othervm -Djdk.tls.namedGroups=brainpoolP512r1tls13,x448,ffdhe2048 ClientHelloKeyShares 33 30
@@ -50,6 +51,8 @@
import java.nio.ByteBuffer;
import java.util.*;
+import jdk.test.lib.Utils;
+import jdk.test.lib.security.SecurityUtils;
public class ClientHelloKeyShares {
@@ -69,9 +72,28 @@ public static void main(String args[]) throws Exception {
// values which will be the expected NamedGroup IDs in the key_share
// extension. Expected named group assertions may also be affected
// by setting the jdk.tls.namedGroups System property.
+
List expectedKeyShares = new ArrayList<>();
Arrays.stream(args).forEach(arg ->
expectedKeyShares.add(Integer.valueOf(arg)));
+ if (Utils.isFIPS()) {
+ expectedKeyShares.clear();
+ Map supportKeyShares = new HashMap<>();
+ supportKeyShares.put("secp256r1", 23);
+ supportKeyShares.put("secp384r1", 24);
+ supportKeyShares.put("secp521r1", 25);
+
+ if (System.getProperty("jdk.tls.namedGroups") == null) {
+ expectedKeyShares.add(23);
+ } else {
+ for (String nameGroup: System.getProperty("jdk.tls.namedGroups").split(",")) {
+ if (supportKeyShares.containsKey(nameGroup)) {
+ expectedKeyShares.add(supportKeyShares.get(nameGroup));
+ break;
+ }
+ }
+ }
+ }
SSLContext sslCtx = SSLContext.getDefault();
SSLEngine engine = sslCtx.createSSLEngine();
@@ -82,7 +104,19 @@ public static void main(String args[]) throws Exception {
ByteBuffer.allocateDirect(session.getPacketBufferSize());
// Create and check the ClientHello message
- SSLEngineResult clientResult = engine.wrap(clientOut, cTOs);
+ SSLEngineResult clientResult = null;
+ try {
+ clientResult = engine.wrap(clientOut, cTOs);
+ } catch (java.lang.ExceptionInInitializerError eiie) {
+ Throwable cause = eiie.getCause();
+ if (cause instanceof java.lang.IllegalArgumentException) {
+ if (Utils.isFIPS()
+ && ("System property jdk.tls.namedGroups(" + System.getProperty("jdk.tls.namedGroups") + ") contains no supported named groups").equals(cause.getMessage())) {
+ System.out.println("Expected msg is caught.");
+ return;
+ }
+ }
+ }
logResult("client wrap: ", clientResult);
if (clientResult.getStatus() != SSLEngineResult.Status.OK) {
throw new RuntimeException("Client wrap got status: " +
@@ -217,7 +251,7 @@ private static void checkClientHello(ByteBuffer data,
break;
case HELLO_EXT_SUPP_VERS:
foundSupVer = true;
- int supVerLen = Byte.toUnsignedInt(data.get());
+ int supVerLen = Byte.toUnsignedInt(data.get()); // 04
for (int remain = supVerLen; remain > 0; remain -= 2) {
foundTLS13 |= (Short.toUnsignedInt(data.getShort()) ==
TLS_PROT_VER_13);
@@ -232,7 +266,8 @@ private static void checkClientHello(ByteBuffer data,
foundKeyShare = true;
int ksListLen = Short.toUnsignedInt(data.getShort());
while (ksListLen > 0) {
- chKeyShares.add(Short.toUnsignedInt(data.getShort()));
+ int ks = Short.toUnsignedInt(data.getShort());
+ chKeyShares.add(ks);
int ksLen = Short.toUnsignedInt(data.getShort());
data.position(data.position() + ksLen);
ksListLen -= (4 + ksLen);
diff --git a/test/jdk/javax/net/ssl/TLSv13/HRRKeyShares.java b/test/jdk/javax/net/ssl/TLSv13/HRRKeyShares.java
index 313b2c5084b..cf5ab2224b4 100644
--- a/test/jdk/javax/net/ssl/TLSv13/HRRKeyShares.java
+++ b/test/jdk/javax/net/ssl/TLSv13/HRRKeyShares.java
@@ -45,6 +45,7 @@
import java.util.Map;
import java.util.Objects;
import jdk.test.lib.Utils;
+import jdk.test.lib.security.SecurityUtils;
public class HRRKeyShares {
@@ -311,8 +312,9 @@ private static void hrrKeyShareTest(int hrrNamedGroup, boolean expectedPass)
if (!initialCh.suppVersions.contains(TLS_PROT_VER_13)) {
throw new RuntimeException(
"Missing TLSv1.3 protocol in supported_versions");
- } else if (!initialCh.keyShares.containsKey(NG_X25519) ||
- !initialCh.keyShares.containsKey(NG_SECP256R1)) {
+ } else if (!(Utils.isFIPS()) &&
+ (!initialCh.keyShares.containsKey(NG_X25519) ||
+ !initialCh.keyShares.containsKey(NG_SECP256R1))) {
throw new RuntimeException(
"Missing one or more expected KeyShares");
}
diff --git a/test/jdk/javax/net/ssl/ciphersuites/DisabledAlgorithms.java b/test/jdk/javax/net/ssl/ciphersuites/DisabledAlgorithms.java
index 855e34b57f0..512eeebf6eb 100644
--- a/test/jdk/javax/net/ssl/ciphersuites/DisabledAlgorithms.java
+++ b/test/jdk/javax/net/ssl/ciphersuites/DisabledAlgorithms.java
@@ -25,6 +25,7 @@
* @test
* @bug 8076221 8211883 8279164
* @summary Check if weak cipher suites are disabled
+ * @library /test/lib
* @modules jdk.crypto.ec
* @run main/othervm DisabledAlgorithms default
* @run main/othervm DisabledAlgorithms empty
@@ -45,6 +46,9 @@
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
+import jdk.test.lib.Utils;
+import jdk.test.lib.security.SecurityUtils;
+
public class DisabledAlgorithms {
private static final String pathToStores = "../etc";
@@ -129,6 +133,9 @@ public static void main(String[] args) throws Exception {
checkFailure(disabled_ciphersuites);
break;
case "empty":
+ if (Utils.isFIPS()) {
+ return;
+ }
// reset jdk.tls.disabledAlgorithms
Security.setProperty("jdk.tls.disabledAlgorithms", "");
System.out.println("jdk.tls.disabledAlgorithms = "
diff --git a/test/jdk/javax/net/ssl/finalize/SSLSessionFinalizeTest.java b/test/jdk/javax/net/ssl/finalize/SSLSessionFinalizeTest.java
index 69611763e32..690b85a1811 100644
--- a/test/jdk/javax/net/ssl/finalize/SSLSessionFinalizeTest.java
+++ b/test/jdk/javax/net/ssl/finalize/SSLSessionFinalizeTest.java
@@ -24,6 +24,7 @@
/*
* @test
* @summary Test behavior related to finalize
+ * @library /test/lib
* @run main/othervm SSLSessionFinalizeTest
* @run main/othervm/policy=security.policy SSLSessionFinalizeTest
*/
@@ -42,6 +43,8 @@
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
+import jdk.test.lib.Utils;
+
public class SSLSessionFinalizeTest {
/*
@@ -104,6 +107,7 @@ void doServerSide() throws Exception {
while (serverReady) {
SSLSocket sslSocket = (SSLSocket) sslServerSocket.accept();
+
// System.out.printf(" accept: %s%n", sslSocket);
InputStream sslIS = sslSocket.getInputStream();
OutputStream sslOS = sslSocket.getOutputStream();
@@ -192,6 +196,11 @@ public static void main(String[] args) throws Exception {
System.getProperty("test.src", "./") + "/" + pathToStores +
"/" + trustStoreFile;
+ if (Utils.isFIPS()) {
+ keyFilename = Utils.revertJKSToPKCS12(keyFilename, passwd);
+ trustFilename = Utils.revertJKSToPKCS12(trustFilename, passwd);
+ }
+
System.setProperty("javax.net.ssl.keyStore", keyFilename);
System.setProperty("javax.net.ssl.keyStorePassword", passwd);
System.setProperty("javax.net.ssl.trustStore", trustFilename);
diff --git a/test/jdk/javax/net/ssl/sanity/ciphersuites/CheckCipherSuites.java b/test/jdk/javax/net/ssl/sanity/ciphersuites/CheckCipherSuites.java
index caa96cdb224..09a36ced12c 100644
--- a/test/jdk/javax/net/ssl/sanity/ciphersuites/CheckCipherSuites.java
+++ b/test/jdk/javax/net/ssl/sanity/ciphersuites/CheckCipherSuites.java
@@ -25,6 +25,7 @@
* @test
* @bug 4750141 4895631 8217579 8163326 8279164
* @summary Check enabled and supported ciphersuites are correct
+ * @library /test/lib
* @run main/othervm CheckCipherSuites default
* @run main/othervm CheckCipherSuites limited
*/
@@ -33,6 +34,9 @@
import java.security.Security;
import javax.net.ssl.*;
+import jdk.test.lib.Utils;
+import jdk.test.lib.security.SecurityUtils;
+
public class CheckCipherSuites {
// List of enabled cipher suites when the "crypto.policy" security
@@ -130,6 +134,21 @@ public class CheckCipherSuites {
"TLS_EMPTY_RENEGOTIATION_INFO_SCSV"
};
+ // List of enabled cipher suites when the "-Dsemeru.fips=true -Dsemeru.customprofile" security
+ // property is set.
+ private final static String[] ENABLED_FIPS = {
+ "TLS_AES_256_GCM_SHA384",
+ "TLS_AES_128_GCM_SHA256",
+ "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
+ "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
+ "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
+ "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
+ "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384",
+ "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384",
+ "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256",
+ "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
+ };
+
// List of supported cipher suites when the "crypto.policy" security
// property is set to "unlimited" (the default value).
private final static String[] SUPPORTED_DEFAULT = {
@@ -225,6 +244,21 @@ public class CheckCipherSuites {
"TLS_EMPTY_RENEGOTIATION_INFO_SCSV"
};
+ // List of enabled cipher suites when the "-Dsemeru.fips=true -Dsemeru.customprofile" security
+ // property is set.
+ private final static String[] SUPPORTED_FIPS = {
+ "TLS_AES_256_GCM_SHA384",
+ "TLS_AES_128_GCM_SHA256",
+ "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
+ "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
+ "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
+ "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
+ "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384",
+ "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384",
+ "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256",
+ "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
+ };
+
private static void showSuites(String[] suites) {
if ((suites == null) || (suites.length == 0)) {
System.out.println("");
@@ -243,7 +277,12 @@ public static void main(String[] args) throws Exception {
String[] ENABLED;
String[] SUPPORTED;
- if (args[0].equals("default")) {
+ String[] FIPS;
+
+ if (Utils.isFIPS()) {
+ ENABLED = ENABLED_FIPS;
+ SUPPORTED = SUPPORTED_FIPS;
+ } else if (args[0].equals("default")) {
ENABLED = ENABLED_DEFAULT;
SUPPORTED = SUPPORTED_DEFAULT;
} else if (args[0].equals("limited")) {
diff --git a/test/jdk/javax/net/ssl/sanity/ciphersuites/SystemPropCipherSuitesOrder.java b/test/jdk/javax/net/ssl/sanity/ciphersuites/SystemPropCipherSuitesOrder.java
index 2817e3400ab..c43279527f8 100644
--- a/test/jdk/javax/net/ssl/sanity/ciphersuites/SystemPropCipherSuitesOrder.java
+++ b/test/jdk/javax/net/ssl/sanity/ciphersuites/SystemPropCipherSuitesOrder.java
@@ -20,10 +20,11 @@
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
-import java.util.Arrays;
+import java.util.*;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLSocket;
+import jdk.test.lib.Utils;
import jdk.test.lib.security.SecurityUtils;
/*
@@ -77,20 +78,63 @@
public class SystemPropCipherSuitesOrder extends SSLSocketTemplate {
private final String protocol;
- private static String[] servercipherSuites;
- private static String[] clientcipherSuites;
+ private static String[] servercipherSuites = null;
+ private static String[] clientcipherSuites = null;
public static void main(String[] args) {
- servercipherSuites
+
+ if (Utils.isFIPS()) {
+ // if (!SecurityUtils.TLS_PROTOCOLS.contains(args[0])) {
+ // System.out.println(args[0] + " is not supported in FIPS 140-3.");
+ // return;
+ // }
+ List tmpClient = new ArrayList<>();
+ if (System.getProperty("jdk.tls.client.cipherSuites") != null) {
+ for (String clientcipherSuite : toArray(System.getProperty("jdk.tls.client.cipherSuites"))) {
+ if (SecurityUtils.TLS_CIPHERSUITES.containsKey(clientcipherSuite)) {
+ tmpClient.add(clientcipherSuite);
+ System.out.println("jdk.tls.client.cipherSuites: " + clientcipherSuite);
+ }
+ }
+ }
+ List tmpServer = new ArrayList<>();
+ if (System.getProperty("jdk.tls.server.cipherSuites") != null) {
+ for (String servercipherSuite : toArray(System.getProperty("jdk.tls.server.cipherSuites"))) {
+ if (SecurityUtils.TLS_CIPHERSUITES.containsKey(servercipherSuite)) {
+ tmpServer.add(servercipherSuite);
+ System.out.println("jdk.tls.server.cipherSuites: " + servercipherSuite);
+ }
+ }
+ }
+ if (tmpClient.size() != 0) {
+ clientcipherSuites = tmpClient.toArray(new String[0]);
+ }
+ if (tmpServer.size() != 0) {
+ servercipherSuites = tmpServer.toArray(new String[0]);
+ }
+
+ } else {
+ servercipherSuites
= toArray(System.getProperty("jdk.tls.server.cipherSuites"));
- clientcipherSuites
+ clientcipherSuites
= toArray(System.getProperty("jdk.tls.client.cipherSuites"));
+ }
System.out.printf("SYSTEM PROPERTIES: ServerProp:%s - ClientProp:%s%n",
Arrays.deepToString(servercipherSuites),
Arrays.deepToString(clientcipherSuites));
try {
new SystemPropCipherSuitesOrder(args[0]).run();
+ } catch (javax.net.ssl.SSLHandshakeException sslhe) {
+ if (Utils.isFIPS()) {
+ if (!SecurityUtils.TLS_PROTOCOLS.contains(args[0])
+ || (servercipherSuites == null && clientcipherSuites == null)) {
+ if ("No appropriate protocol (protocol is disabled or cipher suites are inappropriate)".equals(sslhe.getMessage())) {
+ System.out.println("Expected exception msg: is caught.");
+ return;
+ }
+ }
+ }
} catch (Exception e) {
throw new RuntimeException(e);
}
@@ -100,7 +144,9 @@ private SystemPropCipherSuitesOrder(String protocol) {
this.protocol = protocol;
// Re-enable protocol if disabled.
if (protocol.equals("TLSv1") || protocol.equals("TLSv1.1")) {
- SecurityUtils.removeFromDisabledTlsAlgs(protocol);
+ if (!(Utils.isFIPS())) {
+ SecurityUtils.removeFromDisabledTlsAlgs(protocol);
+ }
}
}
diff --git a/test/jdk/javax/net/ssl/sanity/ciphersuites/TLSCipherSuitesOrder.java b/test/jdk/javax/net/ssl/sanity/ciphersuites/TLSCipherSuitesOrder.java
index c2171d80889..240ceb3e97d 100644
--- a/test/jdk/javax/net/ssl/sanity/ciphersuites/TLSCipherSuitesOrder.java
+++ b/test/jdk/javax/net/ssl/sanity/ciphersuites/TLSCipherSuitesOrder.java
@@ -24,6 +24,7 @@
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLSocket;
+import jdk.test.lib.Utils;
import jdk.test.lib.security.SecurityUtils;
/*
@@ -59,10 +60,33 @@ public class TLSCipherSuitesOrder extends SSLSocketTemplate {
public static void main(String[] args) {
PROTOCOL protocol = PROTOCOL.valueOf(args[0]);
+ // if (Utils.isFIPS()) {
+ // if (!SecurityUtils.TLS_PROTOCOLS.contains(args[0])) {
+ // System.out.println(args[0] + " is not supported in FIPS 140-3.");
+ // return;
+ // }
+ // }
try {
new TLSCipherSuitesOrder(protocol.getProtocol(),
protocol.getCipherSuite(args[1]),
protocol.getCipherSuite(args[2])).run();
+ } catch (javax.net.ssl.SSLHandshakeException sslex) {
+ if (Utils.isFIPS()) {
+ if (!SecurityUtils.TLS_PROTOCOLS.contains(args[0])) {
+ System.out.println(args[0] + " is not supported in FIPS 140-3.");
+ }
+ if ("No appropriate protocol (protocol is disabled or cipher suites are inappropriate)".equals(sslex.getMessage())) {
+ System.out.println("Expected exception msg: is caught");
+ return;
+ } else {
+ System.out.println("Unexpected exception msg: <" + sslex.getMessage() + "> is caught");
+ return;
+ }
+ } else {
+ System.out.println("Unexpected exception is caught in Non-FIPS mode");
+ sslex.printStackTrace();
+ return;
+ }
} catch (Exception e) {
throw new RuntimeException(e);
}
@@ -71,8 +95,10 @@ public static void main(String[] args) {
private TLSCipherSuitesOrder(String protocol, String[] clientcipherSuites,
String[] servercipherSuites) {
// Re-enable protocol if it is disabled.
- if (protocol.equals("TLSv1") || protocol.equals("TLSv1.1")) {
- SecurityUtils.removeFromDisabledTlsAlgs(protocol);
+ if (!Utils.isFIPS()) {
+ if (protocol.equals("TLSv1") || protocol.equals("TLSv1.1")) {
+ SecurityUtils.removeFromDisabledTlsAlgs(protocol);
+ }
}
this.protocol = protocol;
this.clientcipherSuites = clientcipherSuites;
diff --git a/test/jdk/javax/net/ssl/sanity/interop/CipherTest.java b/test/jdk/javax/net/ssl/sanity/interop/CipherTest.java
index 39e88abce8e..9ce3e760b4b 100644
--- a/test/jdk/javax/net/ssl/sanity/interop/CipherTest.java
+++ b/test/jdk/javax/net/ssl/sanity/interop/CipherTest.java
@@ -58,6 +58,7 @@ public class CipherTest {
static SecureRandom secureRandom;
private static PeerFactory peerFactory;
+ public static final boolean ISFIPS = Boolean.parseBoolean(System.getProperty("semeru.fips"));
static abstract class Server implements Runnable {
@@ -135,8 +136,24 @@ private CipherTest(PeerFactory peerFactory) throws IOException {
factory = (SSLSocketFactory)SSLSocketFactory.getDefault();
SSLSocket socket = (SSLSocket)factory.createSocket();
String[] cipherSuites = socket.getSupportedCipherSuites();
- String[] protocols = socket.getSupportedProtocols();
- String[] clientAuths = {null, "RSA", "DSA"};
+ String[] protocols = null;
+ String[] clientAuths = null;
+ if (ISFIPS) {
+ clientAuths = new String[]{null, "RSA"};
+ List tmp = new ArrayList<>();
+ for (String protocol : socket.getSupportedProtocols()) {
+ if (protocol.equals("TLSv1.2") || protocol.equals("TLSv1.3")) {
+ tmp.add(protocol);
+ }
+ }
+ if (tmp.size() == 0 || tmp == null) {
+ return;
+ }
+ protocols = tmp.toArray(new String[0]);
+ } else {
+ clientAuths = new String[]{null, "RSA", "DSA"};
+ protocols = socket.getSupportedProtocols();
+ }
tests = new ArrayList(
cipherSuites.length * protocols.length * clientAuths.length);
for (int j = 0; j < protocols.length; j++) {
@@ -248,6 +265,16 @@ public final void run() {
try {
runTest(params);
System.out.println("Passed " + params);
+ } catch (javax.net.ssl.SSLException sslException) {
+ if (ISFIPS) {
+ if ("DSA signing not supported in FIPS".equals(sslException.getMessage())) {
+ System.out.println("Expected exception msg: is caught.");
+ } else {
+ cipherTest.setFailed();
+ System.out.println("** Failed " + params + "**");
+ sslException.printStackTrace();
+ }
+ }
} catch (Exception e) {
cipherTest.setFailed();
System.out.println("** Failed " + params + "**");
diff --git a/test/jdk/javax/net/ssl/sanity/interop/ClientJSSEServerJSSE.java b/test/jdk/javax/net/ssl/sanity/interop/ClientJSSEServerJSSE.java
index 09e40c033b3..179ab260d5a 100644
--- a/test/jdk/javax/net/ssl/sanity/interop/ClientJSSEServerJSSE.java
+++ b/test/jdk/javax/net/ssl/sanity/interop/ClientJSSEServerJSSE.java
@@ -27,17 +27,22 @@
* @summary Verify that all ciphersuites work in all configurations
* @author Andreas Sterbenz
* @library ../../TLSCommon
+ * @library /test/lib
* @run main/othervm/timeout=300 ClientJSSEServerJSSE
*/
import java.security.Security;
+import jdk.test.lib.Utils;
+import jdk.test.lib.security.SecurityUtils;
public class ClientJSSEServerJSSE {
public static void main(String[] args) throws Exception {
// reset security properties to make sure that the algorithms
// and keys used in this test are not disabled.
- Security.setProperty("jdk.tls.disabledAlgorithms", "");
- Security.setProperty("jdk.certpath.disabledAlgorithms", "");
+ if (!(Utils.isFIPS())) {
+ Security.setProperty("jdk.tls.disabledAlgorithms", "");
+ Security.setProperty("jdk.certpath.disabledAlgorithms", "");
+ }
CipherTest.main(new JSSEFactory(), args);
}
diff --git a/test/jdk/javax/net/ssl/sanity/pluggability/CheckSSLContextExport.java b/test/jdk/javax/net/ssl/sanity/pluggability/CheckSSLContextExport.java
index dcf0fab42c9..8a4e9e6afe1 100644
--- a/test/jdk/javax/net/ssl/sanity/pluggability/CheckSSLContextExport.java
+++ b/test/jdk/javax/net/ssl/sanity/pluggability/CheckSSLContextExport.java
@@ -25,11 +25,15 @@
* @test
* @bug 4635454 6208022 8130181
* @summary Check pluggability of SSLContext class.
+ * @library /test/lib
*/
import java.security.*;
import java.net.*;
import javax.net.ssl.*;
+import jdk.test.lib.Utils;
+import jdk.test.lib.security.SecurityUtils;
+
public class CheckSSLContextExport extends Provider {
private static String info = "test provider for JSSE pluggability";
@@ -45,8 +49,12 @@ public static void test(String protocol) throws Exception {
String providerName = mySSLContext.getProvider().getName();
if (!providerName.equals("TestJSSEPluggability")) {
- System.out.println(providerName + "'s SSLContext is used");
- throw new Exception("...used the wrong provider: " + providerName);
+ if (!(Utils.isFIPS())) {
+ System.out.println(providerName + "'s SSLContext is used");
+ throw new Exception("...used the wrong provider: " + providerName);
+ } else {
+ System.out.println("In FIPS mode, we dont support customized provider yet, " + providerName + "'s SSLContext is used");
+ }
}
for (int i = 0; i < 2; i++) {
boolean standardCiphers = true;
@@ -112,7 +120,16 @@ public static void main(String[] argv) throws Exception {
try {
for (int i = 0; i < protocols.length; i++) {
System.out.println("Testing " + protocols[i] + "'s SSLContext");
- test(protocols[i]);
+ try {
+ test(protocols[i]);
+ } catch (java.lang.IllegalStateException ise) {
+ if (Utils.isFIPS()) {
+ if (protocols[i].equals("SSL") && "SSLContext is not initialized".equals(ise.getMessage())) {
+ System.out.println("SSL is not supported in FIPS140-3.");
+ continue;
+ }
+ }
+ }
}
System.out.println("Test Passed");
} finally {
diff --git a/test/jdk/javax/net/ssl/templates/NetSslUtils.java b/test/jdk/javax/net/ssl/templates/NetSslUtils.java
new file mode 100644
index 00000000000..14b611d4e4e
--- /dev/null
+++ b/test/jdk/javax/net/ssl/templates/NetSslUtils.java
@@ -0,0 +1,108 @@
+/*
+ * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+ import java.security.Security;
+ import java.security.Provider;
+ import java.util.List;
+ import java.util.ArrayList;
+ import java.util.Map;
+ import java.util.HashMap;
+
+ import java.io.FileInputStream;
+ import java.io.FileOutputStream;
+ import java.security.KeyStore;
+ import java.security.Key;
+ import java.security.cert.Certificate;
+ import java.util.Enumeration;
+
+ public class NetSslUtils {
+ public static final List TLS_PROTOCOLS = new ArrayList<>();
+ public static final Map TLS_CIPHERSUITES = new HashMap<>();
+
+ public static final String isFIPS = System.getProperty("semeru.fips");
+ public static boolean isFIPS() {
+ System.out.println("semeru.fips is: " + System.getProperty("semeru.fips"));
+ return Boolean.parseBoolean(isFIPS);
+ }
+
+ public static final String FIPS_PROFILE = System.getProperty("semeru.customprofile");
+ public static String getFipsProfile() {
+ System.out.println("semeru.customprofile is: " + System.getProperty("semeru.customprofile"));
+ return FIPS_PROFILE;
+ }
+
+ public static String revertJKSToPKCS12(String keyFilename, String passwd) {
+ String p12keyFilename = keyFilename + ".p12";
+ try {
+ KeyStore jksKeystore = KeyStore.getInstance("JKS");
+ try (FileInputStream fis = new FileInputStream(keyFilename)) {
+ jksKeystore.load(fis, passwd.toCharArray());
+ }
+
+ KeyStore pkcs12Keystore = KeyStore.getInstance("PKCS12");
+ pkcs12Keystore.load(null, null);
+
+ Enumeration aliasesKey = jksKeystore.aliases();
+ while (aliasesKey.hasMoreElements()) {
+ String alias = aliasesKey.nextElement();
+ if (jksKeystore.isKeyEntry(alias)) {
+ char[] keyPassword = passwd.toCharArray();
+ Key key = jksKeystore.getKey(alias, keyPassword);
+ Certificate[] chain = jksKeystore.getCertificateChain(alias);
+ pkcs12Keystore.setKeyEntry(alias, key, passwd.toCharArray(), chain);
+ } else if (jksKeystore.isCertificateEntry(alias)) {
+ Certificate cert = jksKeystore.getCertificate(alias);
+ pkcs12Keystore.setCertificateEntry(alias, cert);
+ }
+ }
+
+ try (FileOutputStream fos = new FileOutputStream(p12keyFilename)) {
+ pkcs12Keystore.store(fos, passwd.toCharArray());
+ }
+ System.out.println("JKS keystore converted to PKCS12 successfully.");
+ } catch (Exception e) {
+ e.printStackTrace();
+ }
+ return p12keyFilename;
+ }
+
+ static {
+ TLS_PROTOCOLS.add("TLSv1.2");
+ TLS_PROTOCOLS.add("TLSv1.3");
+
+ TLS_CIPHERSUITES.put("TLS_AES_128_GCM_SHA256", "TLSv1.3");
+ TLS_CIPHERSUITES.put("TLS_AES_256_GCM_SHA384", "TLSv1.3");
+ TLS_CIPHERSUITES.put("TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", "TLSv1.2");
+ TLS_CIPHERSUITES.put("TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", "TLSv1.2");
+ TLS_CIPHERSUITES.put("TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", "TLSv1.2");
+ TLS_CIPHERSUITES.put("TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", "TLSv1.2");
+ TLS_CIPHERSUITES.put("TLS_DHE_RSA_WITH_AES_256_GCM_SHA384", "TLSv1.2");
+ TLS_CIPHERSUITES.put("TLS_DHE_RSA_WITH_AES_128_GCM_SHA256", "TLSv1.2");
+ TLS_CIPHERSUITES.put("TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384", "TLSv1.2");
+ TLS_CIPHERSUITES.put("TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384", "TLSv1.2");
+ TLS_CIPHERSUITES.put("TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256", "TLSv1.2");
+ TLS_CIPHERSUITES.put("TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256", "TLSv1.2");
+ TLS_CIPHERSUITES.put("TLS_DHE_RSA_WITH_AES_256_CBC_SHA256", "TLSv1.2");
+ TLS_CIPHERSUITES.put("TLS_DHE_RSA_WITH_AES_128_CBC_SHA256", "TLSv1.2");
+ }
+ }
\ No newline at end of file
diff --git a/test/jdk/javax/net/ssl/templates/SSLContextTemplate.java b/test/jdk/javax/net/ssl/templates/SSLContextTemplate.java
index 568575faaee..88f8c8cc27f 100644
--- a/test/jdk/javax/net/ssl/templates/SSLContextTemplate.java
+++ b/test/jdk/javax/net/ssl/templates/SSLContextTemplate.java
@@ -112,7 +112,7 @@ protected TrustManager createTrustManager(Cert[] trustedCerts,
CertificateFactory cf = CertificateFactory.getInstance("X.509");
ByteArrayInputStream is;
- KeyStore ts = KeyStore.getInstance("JKS");
+ KeyStore ts = KeyStore.getInstance("JKS");
ts.load(null, null);
if (trustedCerts != null && trustedCerts.length != 0) {
diff --git a/test/jdk/javax/net/ssl/templates/SSLSocketTemplate.java b/test/jdk/javax/net/ssl/templates/SSLSocketTemplate.java
index fa6cccbcdcf..ed2bef460b2 100644
--- a/test/jdk/javax/net/ssl/templates/SSLSocketTemplate.java
+++ b/test/jdk/javax/net/ssl/templates/SSLSocketTemplate.java
@@ -176,6 +176,9 @@ protected void configureServerSocket(SSLServerSocket socket) {
protected void doServerSide() throws Exception {
// kick start the server side service
SSLContext context = createServerSSLContext();
+ // if (context == null) {
+ // return;
+ // }
SSLServerSocketFactory sslssf = context.getServerSocketFactory();
InetAddress serverAddress = this.serverAddress;
SSLServerSocket sslServerSocket = serverAddress == null ?
@@ -266,6 +269,9 @@ protected void doClientSide() throws Exception {
}
SSLContext context = createClientSSLContext();
+ // if (context == null) {
+ // return;
+ // }
SSLSocketFactory sslsf = context.getSocketFactory();
try (SSLSocket sslSocket = (SSLSocket)sslsf.createSocket()) {
diff --git a/test/jdk/javax/net/ssl/templates/TLSBase.java b/test/jdk/javax/net/ssl/templates/TLSBase.java
index bcddb1147c8..38557a0550c 100644
--- a/test/jdk/javax/net/ssl/templates/TLSBase.java
+++ b/test/jdk/javax/net/ssl/templates/TLSBase.java
@@ -20,7 +20,6 @@
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
-
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLServerSocketFactory;
@@ -72,6 +71,12 @@ abstract public class TLSBase {
String trustFilename =
System.getProperty("test.src", "./") + "/" + pathToStores +
"/" + trustStoreFile;
+
+ if (NetSslUtils.isFIPS()) {
+ keyFilename = NetSslUtils.revertJKSToPKCS12(keyFilename, passwd);
+ trustFilename = NetSslUtils.revertJKSToPKCS12(trustFilename, passwd);
+ }
+
System.setProperty("javax.net.ssl.keyStore", keyFilename);
System.setProperty("javax.net.ssl.keyStorePassword", passwd);
System.setProperty("javax.net.ssl.trustStore", trustFilename);
diff --git a/test/lib/jdk/test/lib/Utils.java b/test/lib/jdk/test/lib/Utils.java
index f84ddab6d55..ef3c42d255c 100644
--- a/test/lib/jdk/test/lib/Utils.java
+++ b/test/lib/jdk/test/lib/Utils.java
@@ -59,6 +59,12 @@
import java.util.function.Function;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
+import java.io.FileInputStream;
+import java.io.FileOutputStream;
+import java.security.KeyStore;
+import java.security.Key;
+import java.security.cert.Certificate;
+import java.util.Enumeration;
import static jdk.test.lib.Asserts.assertTrue;
import jdk.test.lib.process.ProcessTools;
@@ -148,6 +154,54 @@ public final class Utils {
* Contains the seed value used for {@link java.util.Random} creation.
*/
public static final long SEED;
+
+ public static final String isFIPS = System.getProperty("semeru.fips");
+ public static boolean isFIPS() {
+ System.out.println("semeru.fips is: " + System.getProperty("semeru.fips"));
+ return Boolean.parseBoolean(isFIPS);
+ }
+
+ public static final String FIPS_PROFILE = System.getProperty("semeru.customprofile");
+ public static String getFipsProfile() {
+ System.out.println("semeru.customprofile is: " + System.getProperty("semeru.customprofile"));
+ return FIPS_PROFILE;
+ }
+
+ public static String revertJKSToPKCS12(String keyFilename, String passwd) {
+ String p12keyFilename = keyFilename + ".p12";
+ try {
+ KeyStore jksKeystore = KeyStore.getInstance("JKS");
+ try (FileInputStream fis = new FileInputStream(keyFilename)) {
+ jksKeystore.load(fis, passwd.toCharArray());
+ }
+
+ KeyStore pkcs12Keystore = KeyStore.getInstance("PKCS12");
+ pkcs12Keystore.load(null, null);
+
+ Enumeration aliasesKey = jksKeystore.aliases();
+ while (aliasesKey.hasMoreElements()) {
+ String alias = aliasesKey.nextElement();
+ if (jksKeystore.isKeyEntry(alias)) {
+ char[] keyPassword = passwd.toCharArray();
+ Key key = jksKeystore.getKey(alias, keyPassword);
+ Certificate[] chain = jksKeystore.getCertificateChain(alias);
+ pkcs12Keystore.setKeyEntry(alias, key, passwd.toCharArray(), chain);
+ } else if (jksKeystore.isCertificateEntry(alias)) {
+ Certificate cert = jksKeystore.getCertificate(alias);
+ pkcs12Keystore.setCertificateEntry(alias, cert);
+ }
+ }
+
+ try (FileOutputStream fos = new FileOutputStream(p12keyFilename)) {
+ pkcs12Keystore.store(fos, passwd.toCharArray());
+ }
+ System.out.println("JKS keystore converted to PKCS12 successfully.");
+ } catch (Exception e) {
+ e.printStackTrace();
+ }
+ return p12keyFilename;
+ }
+
static {
var seed = Long.getLong(SEED_PROPERTY_NAME);
if (seed != null) {
diff --git a/test/lib/jdk/test/lib/security/SecurityUtils.java b/test/lib/jdk/test/lib/security/SecurityUtils.java
index 319416a466c..cfd96bd6362 100644
--- a/test/lib/jdk/test/lib/security/SecurityUtils.java
+++ b/test/lib/jdk/test/lib/security/SecurityUtils.java
@@ -30,6 +30,7 @@
import java.util.List;
import java.util.stream.Collectors;
import java.util.stream.Stream;
+import java.util.*;
/**
* Common library for various security test helper functions.
@@ -126,4 +127,23 @@ private static boolean anyMatch(String value, List algs) {
}
private SecurityUtils() {}
+
+ public static final List TLS_PROTOCOLS = new ArrayList<>();
+ public static final Map TLS_CIPHERSUITES = new HashMap<>();
+
+ static {
+ TLS_PROTOCOLS.add("TLSv1.2");
+ TLS_PROTOCOLS.add("TLSv1.3");
+
+ TLS_CIPHERSUITES.put("TLS_AES_128_GCM_SHA256", "TLSv1.3");
+ TLS_CIPHERSUITES.put("TLS_AES_256_GCM_SHA384", "TLSv1.3");
+ TLS_CIPHERSUITES.put("TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", "TLSv1.2");
+ TLS_CIPHERSUITES.put("TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", "TLSv1.2");
+ TLS_CIPHERSUITES.put("TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", "TLSv1.2");
+ TLS_CIPHERSUITES.put("TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", "TLSv1.2");
+ TLS_CIPHERSUITES.put("TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384", "TLSv1.2");
+ TLS_CIPHERSUITES.put("TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384", "TLSv1.2");
+ TLS_CIPHERSUITES.put("TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256", "TLSv1.2");
+ TLS_CIPHERSUITES.put("TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256", "TLSv1.2");
+ }
}